On 2011/11/28 05:43, RW wrote:
On Sun, 27 Nov 2011 22:43:00 +0100
Thierry Besancon wrote:
On 2011-11-27 13:26:43, jdow wrote:
Which browser(s) treat addresses of the form
178.000235.0000150.000372 as actual addresses? That seems like a
serious fault in the browsers.
According to C standards, a number beginning with a 0 is an base 8
number.
So 000235 is legal. It means 157 in decimal.
So 000150 is legal. It means 104 in decimal.
So 000372 is legal. It means 250 in decimal.
So this is address 178.157.104.250 which is a legal IP address.
So there is no serious fault. Just your ignorance of C programming ;-)
The doesn't have anything to do with C programming. The implication
is that a browser might ignore leading zeros when parsing an IP address.
The implication is that it's yet another way to obfuscate addresses. It
is NOT legal in a URL regardless of its legality in C. Any browser that
reads that URL is broken. Which one(s) accept it? They probably have a
gaping vulnerability the URL in question takes advantage of.
{^_^}
