[Mimedefang] Browser Bug: Very bad in IE and varies on Netscapeand Mozilla
Kenneth Porter
shiva at sewingwitch.com
Sat Dec 20 14:36:10 EST 2003
--On Saturday, December 20, 2003 12:22 AM -0500 "Kevin A. McGrail"
<kmcgrail at pccc.com> wrote:
> Therefore, my theory is that any url with %00 or %01 and an @ should be
> considered an attempt at using the exploit.
>
> uri KAM_URIPARSE /\%0[01].*\@/
I thought the exploit didn't use encoded non-printables, but depended on
"real" non-printables. The message body would contain a non-printing
character (NUL and Ctrl-A are just the ones used in the examples)
immediately after the fake part of the URI and IE doesn't display the rest
of the actual URI.
More information about the MIMEDefang
mailing list