not that i know how or if its exploitable but since allmost every sloppy M$-fault generally results in a rootshell i thought someone might be able to use / do something with this

if you have an ftp account with a password that has an as the last letter, ie is unable to parse that to a successfull connection;
i first saw this in ie4 , but lately i tested on ie6 and still they couldnt cope
(for that matter ncftp on linux cant either, .. (didnt try to encode my pw, . felt it wasnt the appropriate thing for a user to do ) )

so theres a lotta sloppyness on that part

hehe, ... so if the pw field is built sloppy , maybe inserting 255 null chars will do something interesting also :)

happy hunting ;-)

thijs

--
"if you like going on vacation, youre in the wrong line of work"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]