This makes sense... I did try windows and Linux... neither worked, and by not worked, they all gave a browser error.
But I don't have an unpatched IE to work with... and neither should YOU. :) CJK On Friday 03 February 2006 15:36, Brian Henning wrote: > I believe it works in certain unpatched versions of IE.. I remember > seeing a patch come along addressing the "dotless URL vulnerability" > some time ago. > > ~B > > Christopher J. Knowles wrote: > > I'm more interested in which browser this worked in... I've tried it in > > IE, Mozilla-Firefox, Mozilla, and Konqueror, none of them worked. > > > > CJK > > > > On Friday 03 February 2006 15:16, Christopher L Merrill wrote: > >>I didn't think this was a legal URL without a top-level domain: > >> http://3400329509/ > >>but it worked in my browser > >>(the whole URL was http://3400329509/paypal.com/us/cgi-bin/index.php, > >>the site for a paypal scammer in Indonesia) > >> > >>pinging 3400329509, much to my suprise, resolved to > >> 202.172.233.37 > >> > >>nslookup resulted in: > >> $ nslookup 3400329509 > >> Server: rlghnc-dns-cac-06.nc.rr.com > >> Address: 24.25.5.51 > >> *** rlghnc-dns-cac-06.nc.rr.com can't find 3400329509: Non-existent > >>domain > >> > >>Also, a whois lookup fails...so I'm assuming there is some numeric > >>decoding applied by the network stack to turn it into an IP address... > >>anyone know what that decoding is? > >> > >>-- > >>------------------------------------------------------------------------- > >>Chris Merrill | http://www.webperformance.com > >>Web Performance Inc. > >> > >>Website Load Testing and Stress Testing Software > >>------------------------------------------------------------------------- > > -- > ---------------- > Brian A. Henning > strutmasters.com > 336.597.2397x238 > ---------------- -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
