lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 Dec 2003 12:39:09 -0700
From: William Stockall <wstockal@...pusmart.ab.ca>
To: Pedro Castro <noupy@...l.telepac.pt>
Cc: bugtraq@...urityfocus.com
Subject: Re: Internet Explorer URL parsing vulnerability


I don't see this problem with Mozilla Firebird 0.7.  It displays the 
whole URL including the %01 and everything after the @ symbol.

			Will.

Pedro Castro wrote:
> It does also apply to Mozilla Firebird 0.7.
> 
> 
> 
> John W. Noerenberg II wrote:
> 
>> This exploit also applies to the Macintosh version of Explorer 
>> v5.2.3(5815.1)
>>
>>> From: <bugtraq@...thedingbat.com>
>>> To: bugtraq@...urityfocus.com
>>> Subject: Internet Explorer URL parsing vulnerability
>>>
>>>
>>>
>>> Internet Explorer URL parsing vulnerability
>>> Vendor Notified 09 December, 2003
>>>
>>> # Vulnerability ##########
>>> There is a flaw in the way that Internet Explorer displays URLs in 
>>> the address bar.
>>>
>>> By opening a specially crafted URL an attacker can open a page that 
>>> appears to be from a different domain from the current location.
>>>
>>> # Exploit ##########
>>> By opening a window using the http://user@...ain nomenclature an 
>>> attacker can hide the real location of the page by including a 0x01 
>>> character after the "@" character.
>>> Internet Explorer doesn't display the rest of the URL making the page 
>>> appear to be at a different domain.
>>>
>>> # POC ##########
>>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>>
>>> # Tested ##########
>>> Internet Explorer
>>> Version 6.0.2800.1106C0
>>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>>
>>> # Credit ##########
>>> Zap The Dingbat
>>> http://www.zapthedingbat.com/
>>
>>
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ