[Full-disclosure] FIREFOX 2.0.0.5 new vulnerability
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Jul 25 10:17:47 BST 2007
On Wed, 25 Jul 2007 11:38:57 +0300, Mesut EREN said:
> Example code is
<A HREF="mailto:%00%00../../../../../../windows/system32/cmd">
<A HREF="nntp:%00%00../../../../../../windows/system32/cmd">
What did you *expect* each of these to do, and what actually happened?
(And it's totally unclear what your '- blah.bat' was intended to do, as it
was just text outside the <A>..</A> pair.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070725/70911a48/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.