Internet Explorer URL Display problem

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Thu Dec 11 15:42:25 GMT 2003


On Thursday 11 December 2003 3:34 pm, Julian Field wrote:

> At 15:27 11/12/2003, you wrote:
> >%0[0-9] would be better (or something like that).
>
> %[01][0-9a-fA-F]
> instead of
> %01
> perhaps?
>
> I would imagine that the guy who found this exploit tested other characters
> too and found them not to be vulnerable. So %01 is probably good enough.

The report at http://www.secunia.com/advisories/10395 mentions that %00 at
least is also effective.

Antony.

--
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

                                                     Please reply to the list;
                                                           please don't CC me.
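
Added example, not part of the original message or of MailScanner's own code: a Python comparison of the three candidate patterns quoted in the thread, showing which percent-encoded control bytes each one catches in URLs pulled from a message body. The sample body, the `example.test` host and the function names are constructed for illustration.

```python
import re

# The three candidate patterns quoted in the thread.
CANDIDATES = {
    "%01": re.compile(r"%01"),
    "%0[0-9]": re.compile(r"%0[0-9]"),
    "%[01][0-9a-fA-F]": re.compile(r"%[01][0-9a-fA-F]"),
}

# Loose URL matcher for message bodies: stops at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def control_escapes(url):
    """Return the percent-escapes in url that decode to bytes 0x00-0x1F."""
    return CANDIDATES["%[01][0-9a-fA-F]"].findall(url)


def scan_body(body):
    """Map each URL in body that carries an encoded control byte to its escapes."""
    hits = {}
    for url in URL_RE.findall(body):
        found = control_escapes(url)
        if found:
            hits[url] = found
    return hits


def coverage(url):
    """Names of the candidate patterns that match url."""
    return sorted(name for name, rx in CANDIDATES.items() if rx.search(url))


# Constructed sample message body; the last link is a benign %20 escape.
SAMPLE_BODY = """\
<a href="http://example.test/login%01tail">one</a>
<a href="http://example.test/login%00tail">two</a>
<a href="http://example.test/a%0Ab">three</a>
<a href="http://example.test/a%1Fb">four</a>
<a href="http://example.test/my%20file.html">five</a>
"""

if __name__ == "__main__":
    for url, escapes in scan_body(SAMPLE_BODY).items():
        print(url, escapes, "matched by:", coverage(url))
```

Only the widest pattern flags `%0A` and `%1F`, and none of the three flags the ordinary `%20` escape.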


