> ... and I've got this question for the list:
>
> This really long 'form action' item
> http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwvwaboundpyw
> wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaoundpywwgc2l
> [EMAIL PROTECTED]/login/form.php
>
> obviously contains the 0x01 exploit. What I'm curious about is the HUGE
> amount of crap in between the : and the @ sign. I mean, if the 0x01 exploit
> is 'good enough', what's with the extra characters?

Hmmm... where in there do you see %01?

No, that is no 0x01 exploit, but just user:[EMAIL PROTECTED] quasi-RFC-compliant usage. The string is long so as to leave the user staring at the citibank+gibberish part, not to be made suspicious of the @IP part.

Cheers,

Paul Szabo - [EMAIL PROTECTED]  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
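
The distinction drawn in the reply, plain user:password@host syntax versus a URL that actually carries %01, can be checked mechanically when triaging links from mail. The following is an added example, not part of the original post: the sample URLs are constructed (made-up bank name, documentation address 192.0.2.10), and the function name and the 64-character threshold are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Userinfo that begins with something shaped like a DNS name (heuristic).
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
MAX_USERINFO = 64  # assumed threshold; legitimate userinfo is short or absent

# Constructed samples: brand-like userinfo plus padding, then the real host.
SAMPLE_LONG = ("http://www.example-bank.com:" + "a9uwdtyazjwvw" * 8
               + "@192.0.2.10/login/form.php")
SAMPLE_CTRL = "http://www.example-bank.com%01@192.0.2.10/login/form.php"
SAMPLE_PLAIN = "https://www.example.com/login"


def inspect_url(url):
    """Return (real_host, findings); real_host is what follows the last '@'."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.username is None:
        return host, findings          # no userinfo, nothing to flag
    userinfo = parts.netloc.rpartition("@")[0]
    decoded = unquote(userinfo)
    findings.append("userinfo-present")
    if HOSTLIKE.match(decoded):
        findings.append("userinfo-looks-like-hostname")
    if len(userinfo) > MAX_USERINFO:
        findings.append("long-userinfo")
    # Percent-encoded control bytes such as %01 (what the reply looks for).
    if any(ord(ch) < 0x20 for ch in decoded):
        findings.append("control-char-in-userinfo")
    try:
        ipaddress.ip_address(host)
        findings.append("host-is-ip-literal")
    except ValueError:
        pass                           # host is a name, not an address
    return host, findings


if __name__ == "__main__":
    for sample in (SAMPLE_LONG, SAMPLE_CTRL, SAMPLE_PLAIN):
        real_host, flags = inspect_url(sample)
        print(f"{real_host:16} {flags}")
```
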
