I believe it works in certain unpatched versions of IE.. I remember seeing a patch come along addressing the "dotless URL vulnerability" some time ago.

~B

Christopher J. Knowles wrote:
I'm more interested in which browser this worked in... I've tried it in IE, Mozilla-Firefox, Mozilla, and Konqueror, none of them worked.

CJK

On Friday 03 February 2006 15:16, Christopher L Merrill wrote:

I didn't think this was a legal URL without a top-level domain:
  http://3400329509/
but it worked in my browser
(the whole URL was http://3400329509/paypal.com/us/cgi-bin/index.php,
the site for a paypal scammer in Indonesia)

pinging 3400329509, much to my surprise, resolved to
  202.172.233.37

nslookup resulted in:
  $ nslookup 3400329509
  Server:  rlghnc-dns-cac-06.nc.rr.com
  Address:  24.25.5.51
  *** rlghnc-dns-cac-06.nc.rr.com can't find 3400329509: Non-existent domain

Also, a whois lookup fails...so I'm assuming there is some numeric
decoding applied by the network stack to turn it into an IP address...
anyone know what that decoding is?

--
-------------------------------------------------------------------------
Chris Merrill                  |  http://www.webperformance.com
Web Performance Inc.

Website Load Testing and Stress Testing Software
-------------------------------------------------------------------------

--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
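
The decoding asked about in the thread, as an added example that is not part of the original messages: the classic inet_aton() address parser accepts an IPv4 address written as one to four numbers (decimal, 0x hex, or leading-0 octal), so the single 32-bit integer 3400329509 is the same address as 202.172.233.37. The function names are hypothetical, and the hex and two-part spellings in the demo are constructed from the address quoted in the thread.

```python
from urllib.parse import urlsplit

def _parse_part(part):
    """One component, inet_aton style: 0x prefix = hex, leading 0 = octal."""
    low = part.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    # Strict digit check: int() alone would accept signs, spaces and underscores.
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(part)
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Return the dotted quad for an inet_aton-style numeric host, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [_parse_part(p) for p in parts]
    except ValueError:
        return None  # not purely numeric, so it is an ordinary hostname
    # Leading parts are one byte each; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def flag_obfuscated_ip_url(url):
    """Return the real IP if the URL host is an IP in non-canonical form."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    return ip if ip is not None and ip != host else None

if __name__ == "__main__":
    # First host is from the thread; the others are constructed spellings of it.
    for h in ("3400329509", "0xCAACE925", "202.11331877", "www.paypal.com"):
        print(h, "->", numeric_host_to_ipv4(h))
```

A mail or proxy filter can run the same normalization on every URL host before reputation lookups, so that an address hidden behind an integer spelling is checked as the IP it really is.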
