| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Aug 1 16:40:35 2005 From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel) Subject: Weird URL On Monday 01 August 2005 17:26, Bug Traq wrote: > Paste this URL in a firefox browser address bar and see what happens. > http://https/;//gmail.google.com > > Anyone know why? Yes, Firefox uses Google's "I'm feeling lucky" feature to redirect users who enter a word in the address bar which does not exist. The only part needed to be redirected to paypal.com is http://https If you shorten that just a little bit (to http://http) you'll arrive at www.microsoft.com (that's kind of ironic even ;). Now try looking up the words https and http on Google and see which websites are at rank 1 :) This feature could be exploited by malicious people though: by crafting a phishing mail with the url: http://http://www.abnamro.com people arrive at Microsoft's website instead of the site of the ABN Amro bank. Now what if someone replaces the second http with a keyword which links to a malicious ranked-1 site in Google? In combination with Google ranking abuse tricks this could pose a serious threat to Average Joe. - Vincent van Scherpenseel
Powered by blists - more mailing lists