[27459] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Who Need Friends ? IE & MSN expose contact list & other info

daemon@ATHENA.MIT.EDU (Thor Larholm)
Wed Oct 16 18:00:41 2002

Message-ID: <000801c274e1$b9782e80$858370d4@thor2k>
From: "Thor Larholm" <thor@pivx.com>
To: "Dror Shalev" <drorshalev@hotmail.com>, <bugtraq@securityfocus.com>
Date: Wed, 16 Oct 2002 09:00:34 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This is not a vulnerability or even privacy exposure in MSN, but just a
demonstration of zone spoofing by using the %2F encoding bug.

All the exposed MSN contact list and information is intentionally, and
safely, exposed in the My Computer zone.

Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC

Are You Secure?
http://www.PivX.com

-----Original Message-----
From: drorshalev@hotmail.com [mailto:drorshalev@hotmail.com]
Sent: 15. oktober 2002 15:05
To: bugtraq@securityfocus.com
Subject: Who Need Friends ? IE & MSN expose contact list & other info


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[27459] in bugtraq

RE: Who Need Friends ? IE & MSN expose contact list & other info

daemon@ATHENA.MIT.EDU (Thor Larholm)Wed Oct 16 18:00:41 2002

daemon@ATHENA.MIT.EDU (Thor Larholm)
Wed Oct 16 18:00:41 2002