BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: Internet Explorer URL parsing vulnerability Dec 09 2003 10:10PM
Nick FitzGerald (nick virus-l demon co uk)
<bugtraq (at) zapthedingbat (dot) com [email concealed]> wrote:

> By opening a window using the http://user@domain nomenclature an
> attacker can hide the real location of the page by including a 0x01
> character after the "@" character. ...

"before" methinks (as in your example!).

> ... Internet Explorer doesn't display t...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus