Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 12/11/03

    To: full-disclosure@lists.netsys.com
    Date: Fri, 12 Dec 2003 10:28:58 +1300
    
    

    It was written (by whom doesn't really matter):

    > Check that. With Moz 1.5:
    >
    > Opening in a new *TAB* takes one to MS. Clicking the link takes one to /.
    > with "http://www.microsoft.com%01@slashdot.org/" in the address bar.
    >
    > That's odd.

    Not at all.

    Can you not read HTML source?

    The page has an href anchor tag (to MS) and a script (with a %01-
    obfuscated URL to /. that "implicates" MS) on the onclick event for the
    anchor tag.

    Thus, clicking the link _IF YOU ARE SILLY ENOUGH TO HAVE SCRIPTING
    ENABLED_ activates the script that implements the "trick" URL.
    (Almost) anything else you do in Moz (or a Moz-derived browser) to
    access that URL will result in the script not being activated and the
    plain URL in the href argument of the anchor tag being "seen" and/or
    acted on instead (that is why MS' URL is seen in the status bar ("task
    bar"?) when you float the mouse over the URL). You should now be able
    to work the rest out.

    ...

    In general, there have been a lot of really badly misinformed comments
    in this thread. Things that suggest the poster does not understand the
    userinfo part of the URI RFC; things that suggest the poster has no
    idea that the "left hand URL" is not a URL at all; and more. Please
    folk, if you don't know how something works either _ask_ or sit back
    and read (as the odds are someone will explain it all in plainer
    language or the penny will otherwise drop within a few more posts
    anyway). If you are not absolutely sure that you understand how it
    works, don't post "it works in mozilla" (when it clearly does not) or
    any of the other myriad (near) clueless responses we've seen. Clueless
    posts add substantially to the noise and can greatly increase the
    workload of folk who are now worrying about what, if anything, they can
    do to reduce their exposure to this.

    Cheers...

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
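
The mismatch the message describes, between the host shown in an anchor's href and the host a scripted URL with a disguised userinfo part really leads to, can be checked mechanically. This is an added example, not part of the original post; `inspectUrl` and `anchorMismatch` are hypothetical helper names, and the sample inputs are constructed from the URL quoted in the message.

```javascript
// Added example: flags URLs whose userinfo part could disguise the real host.
// Sample inputs are constructed from the URL quoted in the message above.

// Parse a URL and report the host a browser will actually contact.
function inspectUrl(raw) {
  const u = new URL(raw);                 // WHATWG parser (Node.js or browser)
  let userinfo = u.username;
  try {
    userinfo = decodeURIComponent(u.username);
  } catch (e) {
    // Malformed percent-escape: keep the raw form for reporting.
  }
  const findings = [];
  if (u.username !== "" || u.password !== "") {
    findings.push("userinfo-present");
  }
  // Control characters (0x00-0x1F, 0x7F) have no business in a user name.
  if (/[\x00-\x1f\x7f]/.test(userinfo)) {
    findings.push("control-char-in-userinfo");
  }
  // A user name shaped like a DNS name suggests an attempt to look like a host.
  if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(userinfo)) {
    findings.push("userinfo-looks-like-hostname");
  }
  return { host: u.hostname, userinfo, findings };
}

// Compare what an anchor's href shows with where its script navigates.
function anchorMismatch(href, scriptUrl) {
  const shown = inspectUrl(href);
  const actual = inspectUrl(scriptUrl);
  return {
    shownHost: shown.host,
    actualHost: actual.host,
    mismatch: shown.host !== actual.host,
    findings: actual.findings,
  };
}

// Constructed sample mirroring the page described in the message.
const report = anchorMismatch(
  "http://www.microsoft.com/",
  "http://www.microsoft.com%01@slashdot.org/"
);
console.log(report);
```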

