OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Liu Die Yu (liudieyuinchina_at_yahoo.com.cn)
Date: Tue Sep 03 2002 - 07:49:20 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) it's about cross-site scripting at MSIEv6 client side using % encoding,
    but not the same as the one by PeaceFire.org which doesn't work on my PC.

    [tested]MSIEv6(CN version)
    {IEXPLORE.EXE file version: 6.0.2600.0000}
    {MSHTML.DLL file version: 6.00.2600.0000}

    [demo]
    at
    http://www16.brinkster.com/liudieyu/2FforMSIE/2FforMSIE-MyPage.htm
    or
    clik.to/liudieyu ==> 2FforMSIE-MyPage section.

    [exp]
    %?? in URL is decoded when IE caculates the domain, but not decoded while
    downloading a page.
    so
    [CODE.URL]clik.to/liudieyu">http://www.yahoo.com%2Fclik.to/liudieyu
    ( 2F=hex$(asc('/')) )
    leads to clik.to/liudieyu instead of www.yahoo.com, and the domain of it
    www.yahoo.com for IE

    Very simple, that's all.

    [contact]
    liudieyuinchinayahoo.com.cn