RE: Odd MSIE html parsing

From: Golden_Eternity (bhodi_jabirat_private)
Date: Wed Jan 02 2002 - 10:45:22 PST

Next message: Ryan Yagatich: "RE: Proftpd SIGSEGV"

Previous message: Nelson Sampaio Araujo Junior: "Re: Proftpd SIGSEGV"
In reply to: Matthew S. Hallacy: "Odd MSIE html parsing"
Next in thread: Florian Hobelsberger / BlueScreen: "Re: Odd MSIE html parsing"
Reply: Florian Hobelsberger / BlueScreen: "Re: Odd MSIE html parsing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wasn't able to reproduce this with patched IE6 on 2k.

> -----Original Message-----
> From: Matthew S. Hallacy [mailto:poptixat_private]
> Sent: Wednesday, January 02, 2002 5:36 AM
> To: vuln-devat_private
> Subject: Odd MSIE html parsing
>
>
> I recieved an odd spam today, the links were obfuscated as follows:
>
> <A
> HREF="http://www.ca1.waredet.net.co.fr^T^B^T^E^T|https.travel.bzah.com^B">
>
> clicking on the link in MSIE shows the following in the address bar:
> 'http://www.ca1.waredet.net.co.fr(?????)|https.travel.bzah.com/'
> while it's really going to https.travel.bzah.com (a stupid
> angelfire spam site,
> die die die)
>
> Comments? I'm curious as to why MSIE allows control characters in the url
> like this, it didn't work in Mozilla.
>
> 				- Matthew S. Hallacy
> --
>

Next message: Ryan Yagatich: "RE: Proftpd SIGSEGV"
Previous message: Nelson Sampaio Araujo Junior: "Re: Proftpd SIGSEGV"
In reply to: Matthew S. Hallacy: "Odd MSIE html parsing"
Next in thread: Florian Hobelsberger / BlueScreen: "Re: Odd MSIE html parsing"
Reply: Florian Hobelsberger / BlueScreen: "Re: Odd MSIE html parsing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 21:20:18 PST