From: zeno (bugtraq_at_cgisecurity.net)
Date: Tue Oct 15 2002 - 21:15:20 CDT

    >
    >
    > Originally it is about an article from Immunity's website
    > (http://www.immunitysec.com/dailydave/)
    > -dave

    Ah, sorry, I've never read your website. This is a known issue, actually, for people who pay attention
    to the weblogs.

    - zeno

    >
    >
    > On Tue, 2002-10-15 at 13:59, Elan Hasson wrote:
    > > What the hell is this thread about?
    > >
    > > -----Original Message-----
    > > From: zeno [mailto:bugtraq@cgisecurity.net]
    > > Sent: Tuesday, October 15, 2002 10:05 AM
    > > To: H D Moore
    > > Cc: Dave Aitel; dan@doxpara.com; vuln-dev@securityfocus.com
    > > Subject: Re: /instmsg/alias/annoying_web_logs ;)
    > >
    > >
    > > >
    > > > I get billions of these things too, it's part of some MSN groups/chat
    > > > thing, essentially it takes requests the "alias" of the email address
    > > > (dave@immunitysec.com => /instmsg/alias/dave). Might be fun to send back
    > >
    > > These things are damn annoying. I get probably 5 of these a day and 1 person
    > > keeps checking me every few hours.
    > >
    > >
    > > > some looooong responses ;) My favorites are all the ones that originate
    > > > from Microsoft "tide" addresses... They send me some funny referrers from
    > > > their intranet servers once in a while too.
    > > >
    > >
    > > Ha.
    > >
    > >
    > > > ---
    > > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which
    > > > doesn't exist. I'm curious what web client plugin causes this behavior.
    > > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
    > > > other FrontPage-style requests. Somewhere here I smell an exploitable
    > > > client-side vulnerability."
    > > > ---
    > > >
    > >
    > >
    > > I'm curious, do we know this is MSN Messenger? Anybody else know if AIM or
    > > another client sends these requests?
    > >
    > > - zeno
    > >
    > >
    > --
    > Dave Aitel <dave@immunitysec.com>
    > Immunity, Inc
    >