Curious. I wondered why I didn't see the little control character marker in there when I pulled this page up like I did with the front page. It's interesting, too, that someone should bother to put this sort of stuff in the form action section - but as a test I went and filled out the initial form with random info, just to see what the whole thing looked like.
Figured that maybe they were putting the text in place to 'fill' your status bar so that you couldn't see the real stuff at the end of it. Seemed to be what happened. It seems like so much work to bother with the 0x01 exploit at the beginning of the whole thing, when you could have just as readily done all this with javascript onmouseover events so that unless you looked at the source, the button would have looked totally legit. .dfbarth *** David Bartholomew, MCSE, MCSA, MCP, Net+, A+ Technical Lead - Akiva, Inc. *** -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Szabo Sent: Sunday, January 11, 2004 12:37 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] 3 new MS patches next week... but none fix 0x01! > ... and I've got this question for the list: > > This really long 'form action' item > http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwvwaboundpyw > wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaoundpywwgc2l > [EMAIL PROTECTED]/login/form.php > > obviously contains the 0x01 exploit. What I'm curious about is the HUGE > amount of crap in between the : and the @ sign. I mean, if the 0x01 exploit > is 'good enough', what's with the extra characters? Hmmm... where in there do you see %01? No, that is no 0x01 exploit, but just user:[EMAIL PROTECTED] quasi-RFC-compliant usage. The string is long so as to leave the user staring at the citibank+gibberish part, not to be made suspicious of the @IP part. Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
