Re: /instmsg/alias/annoying_web_logs ;)

From: zeno (bugtraqat_private)
Date: Tue Oct 15 2002 - 19:15:20 PDT

Next message: Dave Aitel: "RE: /instmsg/alias/annoying_web_logs ;)"

Previous message: Chip McClure: "Re: /instmsg/alias/annoying_web_logs ;)"
Next in thread: Tony: "Re: Hashes,File protection,etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> 
> --=-B7AqP1iWfBBvKe0JfVO6
> Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
> 
> Originally it is about an article from Immunity's website
> (http://www.immunitysec.com/dailydave/)
> -dave


Ah sorry I've never read your website. This is a known issue actually for people who pay attention
To the weblogs.

- zeno 

> 
> 
> On Tue, 2002-10-15 at 13:59, Elan Hasson wrote:
> > What the hell is this thread about?
> >=20
> > -----Original Message-----
> > From: zeno [mailto:bugtraqat_private]
> > Sent: Tuesday, October 15, 2002 10:05 AM
> > To: H D Moore
> > Cc: Dave Aitel; danat_private; vuln-devat_private
> > Subject: Re: /instmsg/alias/annoying_web_logs ;)
> >=20
> >=20
> > >
> > > I get billions of these things too, its part of some MSN groups/chat
> > > thing, essentially it takes requests the "alias" of the email address
> > > (daveat_private =3D> /instmsg/alias/dave). Might be fun to send b=
> ack
> >=20
> > These things are damn annoying. I get probably 5 of these a day and 1 per=
> son
> > keeps checking me every
> > few hours.
> >=20
> >=20
> > > some looooong responses ;) My favorites are all the ones that originate
> > > from microsoft "tide" addresses... They send me some funny referrers fr=
> om
> > > their intranet servers once in a while too.
> > >
> >=20
> > Ha.
> >=20
> >=20
> > > ---
> > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which
> > > doesn't exist. I'm curious what web client plugin causes this behavior.
> > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
> > > other FrontPage-style requests. Somewhere here I smell an exploitable
> > > client-side vulnerability."
> > > ---
> > >
> >=20
> >=20
> > I'm curious do we know this is MSN messanger? Anybody else know if AIM or
> > another client sends
> > these requests?
> >=20
> > - zeno
> >=20
> >=20
> --=20
> Dave Aitel <daveat_private>
> Immunity, Inc
> 
> --=-B7AqP1iWfBBvKe0JfVO6
> Content-Type: application/pgp-signature; name=signature.asc
> Content-Description: This is a digitally signed message part
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQA9rMgzB8JNm+PA+iURAkazAKDnldsHKa+lJwho94L4ruj4Z7tYFgCgnfH5
> 5yvUOI5QULCUhH7UJiqibsw=
> =6xEz
> -----END PGP SIGNATURE-----
> 
> --=-B7AqP1iWfBBvKe0JfVO6--
> 
>

Next message: Dave Aitel: "RE: /instmsg/alias/annoying_web_logs ;)"
Previous message: Chip McClure: "Re: /instmsg/alias/annoying_web_logs ;)"
Next in thread: Tony: "Re: Hashes,File protection,etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 06:06:39 PDT