MS XSS

Printable View

11-10-2007, 04:27 PM
unix

MS XSS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Man... MS are so open ...

[url]http://s5h.net/u?46[/url]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHNdvZ4dyr7s6PRYgRAoi2AKCQkw3SM+Oec6ME4b9s3HEGjchcQwCeJvW1
Q4XBW6bsdeI1roHg+8FEtvA=
=jy+v
-----END PGP SIGNATURE-----
11-10-2007, 06:57 PM
unix

Re: MS XSS

After takin' a swig o' grog, ed belched out this bit o' wisdom:
[color=blue]
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Man... MS are so open ...
>
> [url]http://s5h.net/u?46[/url][/color]

What's up with the moving all over the desktop?

[url]http://www.internetisseriousbusiness.com/[/url]

Hardwiring the script to 1600x1200? How neophyte!

And thank God for the kill command.

--
Tux rox!
11-10-2007, 08:43 PM
unix

Re: MS XSS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 10 Nov 2007 18:57:52 GMT
Linonut <linonut@be11south.net> wrote:

[color=blue][color=green]
> > Man... MS are so open ...
> >
> > [url]http://s5h.net/u?46[/url]
[/color]
>
> What's up with the moving all over the desktop?
>
> [url]http://www.internetisseriousbusiness.com/[/url]
>
> Hardwiring the script to 1600x1200? How neophyte!
>
> And thank God for the kill command.
[/color]

Do you like the way that its using a MS XSS vuln? I wonder how many
people have used that to make a fake passport login page :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0595fhpDQCbB9dy
Iid4qjvREVs+eOeDBXkQAVA=
=a3aB
-----END PGP SIGNATURE-----
11-10-2007, 11:42 PM
unix

Re: MS XSS

____/ ed on Saturday 10 November 2007 20:43 : \____
[color=blue]
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 10 Nov 2007 18:57:52 GMT
> Linonut <linonut@be11south.net> wrote:
>[color=green][color=darkred]
>> > Man... MS are so open ...
>> >
>> > [url]http://s5h.net/u?46[/url][/color]
>>
>> What's up with the moving all over the desktop?
>>
>> [url]http://www.internetisseriousbusiness.com/[/url]
>>
>> Hardwiring the script to 1600x1200? How neophyte!
>>
>> And thank God for the kill command.[/color]
>
> Do you like the way that its using a MS XSS vuln? I wonder how many
> people have used that to make a fake passport login page :-)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0595fhpDQCbB9dy
> Iid4qjvREVs+eOeDBXkQAVA=
> =a3aB
> -----END PGP SIGNATURE-----[/color]

It was spotted by one of the Diggers in the security section of Digg about a
year ago and I posted this to COLA.

Worry not however. Microsoft will hire someone to cover up with an excuse.

Yes, Microsoft is hiring.

[url]http://msdn.microsoft.com/library/default.asp?url=//schestowitz.com/Amusement/usenet-shill/[/url]

--
~~ Best of wishes

This sedentary lifestyle on the Net leads to fatigue. And then you wake up.
[url]http://Schestowitz.com[/url] | Open Prospects | PGP-Key: 0x74572E8E
Tasks: 111 total, 1 running, 110 sleeping, 0 stopped, 0 zombie
[url]http://iuron.com[/url] - knowledge engine, not a search engine
11-11-2007, 01:11 AM
unix

Re: MS XSS

On Sat, 10 Nov 2007 23:42:26 +0000, Roy Schestowitz wrote:
[color=blue]
> ____/ ed on Saturday 10 November 2007 20:43 : \____
>[color=green]
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sat, 10 Nov 2007 18:57:52 GMT
>> Linonut <linonut@be11south.net> wrote:
>>[color=darkred]
>>> > Man... MS are so open ...
>>> >
>>> > [url]http://s5h.net/u?46[/url]
>>>
>>> What's up with the moving all over the desktop?
>>>
>>> [url]http://www.internetisseriousbusiness.com/[/url]
>>>
>>> Hardwiring the script to 1600x1200? How neophyte!
>>>
>>> And thank God for the kill command.[/color]
>>
>> Do you like the way that its using a MS XSS vuln? I wonder how many
>> people have used that to make a fake passport login page :-)
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (GNU/Linux)
>>
>> iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0595fhpDQCbB9dy
>> Iid4qjvREVs+eOeDBXkQAVA=
>> =a3aB
>> -----END PGP SIGNATURE-----[/color]
>
> It was spotted by one of the Diggers in the security section of Digg about a
> year ago and I posted this to COLA.
>
> Worry not however. Microsoft will hire someone to cover up with an excuse.
>
> Yes, Microsoft is hiring.
>
> [url]http://msdn.microsoft.com/library/default.asp?url=//schestowitz.com/Amusement/usenet-shill/[/url][/color]

Actually, that appears to be a flaw in firefox, not ie (at least not IE7).

When i go there in Firefox, i get the redirected url. When I go in IE7, i
get "page cannot be found"
11-11-2007, 05:47 PM
unix

Re: MS XSS

Erik Funkenbusch wrote:
[color=blue]
> Actually, that appears to be a flaw in firefox, not ie (at least not IE7).[/color]
[color=blue]
> When i go there in Firefox, i get the redirected url. When I go in IE7, i get "page cannot be found"[/color]

Which bits in msdn.microsoft.com detect Firefox and serve up different
code ? You know like the bits in Hotmail that strip off the file type
extension if you are not using IExplore ..
11-11-2007, 07:43 PM
unix

Re: MS XSS

On 11 Nov, 17:57, Erik Funkenbusch <e...@despam-funkenbusch.com>
wrote:
[color=blue]
> On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:[color=green]
>> Erik Funkenbusch wrote:[/color][/color]
[color=blue][color=green]
>> Which bits in msdn.microsoft.com detect Firefox and serve up different code ? You know like the bits in Hotmail that strip off the file type extension if you are not using IExplore ..[/color][/color]
[color=blue]
> It's the same code in FF as IE7. I've compared the served code ..[/color]

Can we see, not that I don't doubt your word .. :)

[url]http://www.extremetech.com/article2/0,3973,890280,00.asp[/url]
11-11-2007, 07:53 PM
unix

Re: MS XSS

On Sun, 11 Nov 2007 11:43:12 -0800, Doug Mentohl wrote:
[color=blue]
> On 11 Nov, 17:57, Erik Funkenbusch <e...@despam-funkenbusch.com>
> wrote:
>[color=green]
>> On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:[color=darkred]
>>> Erik Funkenbusch wrote:[/color][/color]
>[color=green][color=darkred]
>>> Which bits in msdn.microsoft.com detect Firefox and serve up different code ? You know like the bits in Hotmail that strip off the file type extension if you are not using IExplore ..[/color][/color]
>[color=green]
>> It's the same code in FF as IE7. I've compared the served code ..[/color]
>
> Can we see, not that I don't doubt your word .. :)
>
> [url]http://www.extremetech.com/article2/0,3973,890280,00.asp[/url][/color]

Go ahead, i'm not stopping you.
11-11-2007, 09:36 PM
unix

Re: MS XSS

Doug Mentohl wrote:[color=blue]
> Erik Funkenbusch wrote:[color=green]
>> Doug Mentohl wrote:[color=darkred]
>>> Erik Funkenbusch wrote:[/color][/color]
>[color=green][color=darkred]
>>> Which bits in msdn.microsoft.com detect Firefox and serve
>>> up different code ? You know like the bits in Hotmail that
>>> strip off the file type extension if you are not using
>>> IExplore ..[/color][/color]
>[color=green]
>> It's the same code in FF as IE7. I've compared the served
>> code ..[/color]
>
> Can we see, not that I don't doubt your word .. :)
>
> [url]http://www.extremetech.com/article2/0,3973,890280,00.asp[/url][/color]

Same has happened in IE 6 about a week ago. I ended up doing a
<CTRL-ALT-DEL>, bring up Task Manager and killing IE 6. This had
to do with a deviant advertiser on [url]http://www.m-w.com/[/url] AKA
Mirriam Webster dictionary site. Since then, it has been
removed. (However, it breeched my trust with M-W.)

It was one of those "Click this to download" security checker.
Yeah, right. Clicking on upper right hand "X" kept the nuisant
dialogue box returning. I wasn't about to click the decline button.

Then I did the next best thing. I replaced the favourite with
the UK Cambridge dictionary site, [url]http://dictionary.cambridge.org/[/url]

That site has no nasties. Problem solved.

--
HPT
11-11-2007, 10:33 PM
unix

Re: MS XSS

____/ Doug Mentohl on Sunday 11 November 2007 17:47 : \____
[color=blue]
> Erik Funkenbusch wrote:
>[color=green]
>> Actually, that appears to be a flaw in firefox, not ie (at least not IE7).[/color]
>[color=green]
>> When i go there in Firefox, i get the redirected url. When I go in IE7, i
>> get "page cannot be found"[/color]
>
> Which bits in msdn.microsoft.com detect Firefox and serve up different
> code ? You know like the bits in Hotmail that strip off the file type
> extension if you are not using IExplore ..[/color]

That was hilarious. I said in my previous post:

[color=blue]
> Worry not however. Microsoft will hire someone to cover up with an excuse.[/color]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That's Erik, blaming Mozilla.
[color=blue]
> Yes, Microsoft is hiring.
>
> [url]http://msdn.micro....url=///Amusement/usenet-shill/[/url][/color]
^^^^^^^^^^^^^^^^^^^^^^

Ah! It figures...

--
~~ Best of wishes

Roy S. Schestowitz | Run a Linux server, sit on your hands all day
[url]http://Schestowitz.com[/url] | Free as in Free Beer | PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 0.97 1.35 1.64 2/168 20932
[url]http://iuron.com[/url] - semantic search engine project initiative
11-12-2007, 12:48 PM
unix

Re: MS XSS

After takin' a swig o' grog, ed belched out this bit o' wisdom:
[color=blue]
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 10 Nov 2007 18:57:52 GMT
> Linonut <linonut@be11south.net> wrote:
>[color=green][color=darkred]
>> > Man... MS are so open ...
>> >
>> > [url]http://s5h.net/u?46[/url][/color]
>>
>> What's up with the moving all over the desktop?
>>
>> [url]http://www.internetisseriousbusiness.com/[/url]
>>
>> Hardwiring the script to 1600x1200? How neophyte!
>>
>> And thank God for the kill command.[/color]
>
> Do you like the way that its using a MS XSS vuln? I wonder how many
> people have used that to make a fake passport login page :-)[/color]

I didn't get a login page. I got some lame-ass music video. Reminded
me of the Back Door Boys.

--
Tux rox!
11-12-2007, 12:52 PM
unix

Re: MS XSS

After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:
[color=blue]
> On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:
>[color=green]
>> Erik Funkenbusch wrote:
>>[color=darkred]
>>> Actually, that appears to be a flaw in firefox, not ie (at least not IE7).[/color]
>>[color=darkred]
>>> When i go there in Firefox, i get the redirected url. When I go in IE7, i get "page cannot be found"[/color]
>>
>> Which bits in msdn.microsoft.com detect Firefox and serve up different
>> code ? You know like the bits in Hotmail that strip off the file type
>> extension if you are not using IExplore ..[/color]
>
> It's the same code in FF as IE7. I've compared the served code. But I
> wouldn't expect you to figure out that you can do that Duh!g. That would
> take too much brain power. Instead, you like to make baseless accusations.[/color]

What's up with the Javascript on msdn2?

I have to disable Javascript in Firefox to get the pages to load. I
think I also have to do it in IE6 on Windows, too. Irritating.

It's a real annoyance, especially when I go to do my time sheet, and
find I have Javascript disabled.

--
Tux rox!