Originally it is about an article from Immunity's website (http://www.immunitysec.com/dailydave/) -dave On Tue, 2002-10-15 at 13:59, Elan Hasson wrote: > What the hell is this thread about? > > -----Original Message----- > From: zeno [mailto:bugtraqat_private] > Sent: Tuesday, October 15, 2002 10:05 AM > To: H D Moore > Cc: Dave Aitel; danat_private; vuln-devat_private > Subject: Re: /instmsg/alias/annoying_web_logs ;) > > > > > > I get billions of these things too, its part of some MSN groups/chat > > thing, essentially it takes requests the "alias" of the email address > > (daveat_private => /instmsg/alias/dave). Might be fun to send back > > These things are damn annoying. I get probably 5 of these a day and 1 person > keeps checking me every > few hours. > > > > some looooong responses ;) My favorites are all the ones that originate > > from microsoft "tide" addresses... They send me some funny referrers from > > their intranet servers once in a while too. > > > > Ha. > > > > --- > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which > > doesn't exist. I'm curious what web client plugin causes this behavior. > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and > > other FrontPage-style requests. Somewhere here I smell an exploitable > > client-side vulnerability." > > --- > > > > > I'm curious do we know this is MSN messanger? Anybody else know if AIM or > another client sends > these requests? > > - zeno > > -- Dave Aitel <daveat_private> Immunity, Inc
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 08:01:50 PDT