> From: Brett Moore > Probably a more reliable and safe way of testing if this patch > is installed or not, would be to test 1 of the css holes? You could use the 404 CSS error to check if the server has the patch installed. Make a request for some non-existant page, e.g. http://YOUR.TLD/3lkb54j6b4kjb6jk456bk45bk45jb, then read line 42 and compare. Not patched line 42: document.write( '<A HREF="' + escape(urlresult) + '">' + displayresult + "</a>"); Patched line 42: InsertElementAnchor(urlresult, displayresult); Custom 404 page: Anything else. If they bothered to make a custom 404 page, they probably also bothered to apply critical patches as this one. This is all demonstrated at http://jscript.dk/adv/TL001/, where a quick survey of the "Simple" examples show that hotmail.msn.com, passport.com and lc2.law5.hotmail.passport.com are still unpatched. You may get different results from testing, as they most likely run in a cluster. Regards Thor Larholm Jubii A/S - Internet Programmer
This archive was generated by hypermail 2b30 : Sat Apr 13 2002 - 23:06:00 PDT