[TriLUG] OT: how can this URL resolve?
Brian Henning
brian at strutmasters.com
Fri Feb 3 15:36:13 EST 2006
I believe it works in certain unpatched versions of IE.. I remember
seeing a patch come along addressing the "dotless URL vulnerability"
some time ago.
~B
Christopher J. Knowles wrote:
> I'm more interested in which browser this worked in... I've tried it in IE,
> Mozilla-Firefox, Mozilla, and Konqueror, none of them worked.
>
> CJK
>
> On Friday 03 February 2006 15:16, Christopher L Merrill wrote:
>
>>I didn't think this was a legal URL without a top-level domain:
>> http://3400329509/
>>but it worked in my browser
>>(the whole URL was http://3400329509/paypal.com/us/cgi-bin/index.php,
>>the site for a paypal scammer in Indonesia)
>>
>>pinging 3400329509, much to my surprise, resolved to
>> 202.172.233.37
>>
>>nslookup resulted in:
>> $ nslookup 3400329509
>> Server: rlghnc-dns-cac-06.nc.rr.com
>> Address: 24.25.5.51
>> *** rlghnc-dns-cac-06.nc.rr.com can't find 3400329509: Non-existent domain
>>
>>Also, a whois lookup fails...so I'm assuming there is some numeric
>>decoding applied by the network stack to turn it into an IP address...
>>anyone know what that decoding is?
>>
>>--
>>-------------------------------------------------------------------------
>>Chris Merrill | http://www.webperformance.com
>>Web Performance Inc.
>>
>>Website Load Testing and Stress Testing Software
>>-------------------------------------------------------------------------
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
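
Added example, not part of the original thread: the decoding asked about above is the classic `inet_aton()` address parsing, which accepts one to four numeric parts in decimal, octal or hex, so 3400329509 is simply the 32-bit value of 202.172.233.37 (202·2^24 + 172·2^16 + 233·2^8 + 37). The sketch below reimplements that parsing to flag URLs whose host is an IPv4 address in a non-canonical form; the function names are hypothetical, and every sample URL except the one quoted in the thread is constructed.

```python
from urllib.parse import urlsplit

def parse_part(text):
    """One component, inet_aton style: 0x = hex, leading 0 = octal, else decimal."""
    low = text.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif low.startswith("0") and len(low) > 1:
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(f"not a numeric component: {text!r}")
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Dotted quad for a 1-4 part numeric host, or None if it is not one."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))

def flag_obfuscated_host(url):
    """(host, decoded_ip) if the URL host is a non-canonical numeric IPv4, else None."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    return (host, ip) if ip is not None and ip != host else None

if __name__ == "__main__":
    # First URL is the one quoted in the thread; the others are constructed variants.
    for url in ("http://3400329509/paypal.com/us/cgi-bin/index.php",
                "http://0xCAACE925/", "http://0312.0254.0351.045/",
                "http://202.172.233.37/", "http://www.example.com/"):
        print(url, "->", flag_obfuscated_host(url))
```

The nslookup failure in the quoted message is consistent with this: the string is converted to an address by the resolver library before any DNS query is made, so there is no DNS record to find.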