Matt Dickinson wrote:
>
> I saw this recently in a newsgroup, I can't believe it's real, and found
> no mention when browsing the news sections on either of the company
> websites. Isn't this a good example?
>
> >=- Manolo -=| wrote:
> >
> > http://www.microsoft.com&item%3Dq209354at_private/1338825GHU_98.asp

That's a different class of problem. As some have already advised, you need to RTFM:

http://www.microsoft.com&item=q209354at_private/nyheter/feb01/Q209354%20-%20HOWTO.htm

:)

The @ is a delimiter between the authentication info, and the rest of the URL. An easier to understand example is

http://username:passwordat_private

This kind of confusion is probably just as effective as a good CSS attack, perhaps even more so. Ever wonder how they got www.@stake.com, when @ isn't a legal DNS character?

BB
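The @ delimiter described in the reply above, as an added example that is not part of the original post: a Python check that splits a URL the way a client does, reports the host that would actually be contacted, and flags userinfo that reads like a hostname. The function name `inspect_url`, the host `203.0.113.10`, the `example.test` names and the paths are constructed for illustration; the archive redacted the real hosts in the posted URLs.

```python
import re
from urllib.parse import urlsplit, unquote

# Text that looks like a DNS name: dot-separated labels ending in an alphabetic TLD.
_HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def inspect_url(url):
    """Report the host a client would contact and whether the userinfo is misleading."""
    parts = urlsplit(url)
    # Everything before the last '@' in the authority is authentication info.
    userinfo, sep, _ = parts.netloc.rpartition("@")
    real_host = parts.hostname  # lowercased; excludes userinfo and port
    decoded = unquote(userinfo) if sep else None  # %3D -> '=' and so on
    lookalike = _HOSTLIKE.search(decoded) if decoded else None
    shown = lookalike.group(0).lower() if lookalike else None
    return {
        "real_host": real_host,
        "userinfo": decoded,
        "displayed_as": shown,
        # Suspicious when the userinfo names a host other than the real one.
        "suspicious": shown is not None and shown != real_host,
    }


if __name__ == "__main__":
    # Constructed samples: same shape as the URLs in the thread, placeholder hosts.
    samples = [
        "http://www.microsoft.com&item%3Dq209354@203.0.113.10/nyheter/howto.htm",
        "http://username:password@example.test/",
        "http://www.example.test/kb/q209354.asp",
    ]
    for s in samples:
        print(s, "->", inspect_url(s))
```
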
This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 19:10:50 PST