Vulnerability Development mailing list archives

Re: /instmsg/alias/annoying_web_logs ;)


From: zeno <bugtraq () cgisecurity net>
Date: Tue, 15 Oct 2002 22:15:20 -0400 (EDT)




Originally it is about an article from Immunity's website
(http://www.immunitysec.com/dailydave/)
-dave


Ah sorry I've never read your website. This is a known issue actually for people who pay attention
to the weblogs.

- zeno 



On Tue, 2002-10-15 at 13:59, Elan Hasson wrote:
What the hell is this thread about?
-----Original Message-----
From: zeno [mailto:bugtraq () cgisecurity net]
Sent: Tuesday, October 15, 2002 10:05 AM
To: H D Moore
Cc: Dave Aitel; dan () doxpara com; vuln-dev () securityfocus com
Subject: Re: /instmsg/alias/annoying_web_logs ;)

I get billions of these things too, it's part of some MSN groups/chat
thing, essentially it takes requests the "alias" of the email address
(dave () immunitysec com => /instmsg/alias/dave). Might be fun to send back

These things are damn annoying. I get probably 5 of these a day and 1 person
keeps checking me every few hours.

some looooong responses ;) My favorites are all the ones that originate
from microsoft "tide" addresses... They send me some funny referrers from
their intranet servers once in a while too.

Ha.

---
"Immunity also gets a lot of requests for /instmsg/alias/dave, which
doesn't exist. I'm curious what web client plugin causes this behavior.
And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
other FrontPage-style requests. Somewhere here I smell an exploitable
client-side vulnerability."
---

I'm curious do we know this is MSN Messenger? Anybody else know if AIM or
another client sends these requests?

- zeno

--
Dave Aitel <dave () immunitysec com>
Immunity, Inc




