Re: IE URL obfuscation bug, part 2 -- failure to send server the full obfuscated URL
From: Felix Kasza (felixk2_at_MVPS.ORG)
Date: 12/11/03
- Previous message: Gary Shuster: "IE URL obfuscation bug, part 2 -- failure to send server the full obfuscated URL"
- In reply to: Gary Shuster: "IE URL obfuscation bug, part 2 -- failure to send server the full obfuscated URL"
Date: Thu, 11 Dec 2003 20:12:51 +0100 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Gary,
> User types into the URL bar:
> http://www.ebay.com%01@testurl.ideaflood.com/filepath/file.htm
> [...]
> So the server is unable to see the original URL,
> with the obfuscated portions. [...]
The server will never see the 01h byte as part of either host name or
path, as it is part of the authentication data -- it belongs to the
"username" part in
http://[username[:password]@]www.domain.com[/path]
If the server responded with a 401 to the initial request, forcing the
browser to submit authentication data, the server would get to see the
01h byte, but still not as part of the URL or host name.
Cheers,
Felix.
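The split described in the reply above, as an added example that is not part of the original message: it parses the quoted URL into userinfo, host and path, builds the first request a client would send, and shows where the 01h byte would appear after a 401. The function names, the use of the Basic scheme, and the `suspicious_userinfo` heuristic are assumptions of this example.

```python
import base64
from urllib.parse import urlsplit, unquote_to_bytes

# URL quoted in the message above.
SAMPLE_URL = "http://www.ebay.com%01@testurl.ideaflood.com/filepath/file.htm"


def split_authority(url):
    """Split a URL along http://[username[:password]@]host[/path]."""
    parts = urlsplit(url)
    return {
        # Percent-decode userinfo to raw bytes so control bytes become visible.
        "username": unquote_to_bytes(parts.username or ""),
        "password": unquote_to_bytes(parts.password or ""),
        "host": parts.hostname,
        "path": parts.path or "/",
    }


def initial_request(url):
    """First request on the wire: userinfo is in neither request line nor Host."""
    parts = urlsplit(url)
    hostport = parts.netloc.rpartition("@")[2]  # drop everything up to the last '@'
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return [f"GET {target} HTTP/1.1", f"Host: {hostport}"]


def authorization_after_401(url):
    """Credentials header sent only after a 401 challenge (Basic scheme assumed)."""
    info = split_authority(url)
    token = base64.b64encode(info["username"] + b":" + info["password"])
    return "Authorization: Basic " + token.decode("ascii")


def suspicious_userinfo(url):
    """Defender-side check on a link before it is displayed or followed."""
    user = split_authority(url)["username"]
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in user):
        reasons.append("control byte in userinfo")
    # Heuristic of this example: a dotted userinfo can be mistaken for the host.
    if b"." in user:
        reasons.append("userinfo looks like a host name")
    return reasons


if __name__ == "__main__":
    print(split_authority(SAMPLE_URL))
    print("\n".join(initial_request(SAMPLE_URL)))
    print(authorization_after_401(SAMPLE_URL), suspicious_userinfo(SAMPLE_URL))
```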