Bugtraq mailing list archives
Re: IIS still revealing paths for web directories
From: scott () AXE NET AU (Scott Buchanan)
Date: Fri, 14 Jan 2000 10:13:19 +1100
Georgi Guninski wrote:
For Communicator: http://www.microsoft.com/%3CIMG%20SRC=javascript:alert("window.location:"+window.location)%3E.ida
This link comes out as: http://www.microsoft.com/%3CIMG%20SRC=javascript:alert( presumably because the quotes need to be % encoded as well. http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida This link, while it seems to work in as far as you can go to the correct link, the Javascript doesn't get executed on this copy of Netscape 4.7 -Scott Buchanan Axe Communications
Current thread:
- Re: Microsoft Security Bulletin (MS00-005), (continued)
- Re: Microsoft Security Bulletin (MS00-005) bugtraq () NS DOOMSDAY COM (Jan 19)
- Re: Microsoft Security Bulletin (MS00-005) Matt Davis (Jan 19)
- Re: Microsoft Security Bulletin (MS00-005) Tabor J. Wells (Jan 19)
- Unixware ppptalk what's your style? (Jan 19)
- Re: Unixware ppptalk Andrew Malcolm (Jan 21)
- Re: IIS still revealing paths for web directories Henrik Nordstrom (Jan 15)
- Re: IIS still revealing paths for web directories Antonio Ropero (Jan 15)
- Re: IIS still revealing paths for web directories Chris Tobkin (Jan 18)
- SRS Addendum Matt Conover (Jan 12)
- Re: IIS still revealing paths for web directories Georgi Guninski (Jan 13)
- Re: IIS still revealing paths for web directories Scott Buchanan (Jan 13)
- Re: IIS still revealing paths for web directories Taneli Huuskonen (Jan 15)
- Fwd: Crash identified in Notes, Domino, and MTA with Date Conversio ns Xander Teunissen (Jan 14)
- Re: IIS still revealing paths for web directories Norbert Luckhardt (Jan 15)
- usual iploggers miss some variable stealth scans vecna (Jan 17)
- Re: usual iploggers miss some variable stealth scans Simple Nomad (Jan 17)
- AW: usual iploggers miss some variable stealth scans Tobi (Jan 18)
- AW: usual iploggers miss some variable stealth scans Tobi (Jan 19)
- Warning: VCasel security hole. bob mare (Jan 18)
- Re: usual iploggers miss some variable stealth scans Alec Kosky (Jan 18)
- Re: usual iploggers miss some variable stealth scans Andrea Gho (Jan 20)