Re: IE URL obfuscation bug, part 2 -- failure to send server the full obfuscated URL

From: Felix Kasza (felixk2_at_MVPS.ORG)
Date: 12/11/03

  • Next message: Nick FitzGerald: "Re: IE URL obfuscation"
    Date:         Thu, 11 Dec 2003 20:12:51 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Gary,

    > User types into the URL bar:
    > http://www.ebay.com%01@testurl.ideaflood.com/filepath/file.htm
    > [...]
    > So the server is unable to see the original URL,
    > with the obfuscated portions. [...]

    The server will never see the 01h byte as part of either host name or
    path, as it is part of the authentication data -- it belongs to the
    "username" part in

            http://[username[:password]@]www.domain.com[/path]

    If the server responded with a 401 to the initial request, forcing the
    browser to submit authentication data, the server would get to see the
    01h byte, but still not as part of the URL or host name.

    Cheers,
    Felix.

    ----
    NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
    code "NT1003" when registering to take the TICSA exam at www.2test.com.
    Prove to your employer and peers that you have the knowledge and
    abilities to be an active stakeholder in today's enterprise security.
    Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
    12/31/03 and cannot be used in combination with other offers.
    ----
    

  • Next message: Nick FitzGerald: "Re: IE URL obfuscation"