[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FD66545.5080005@mail.telepac.pt>
Date: Wed, 10 Dec 2003 00:13:57 +0000
From: Pedro Castro <noupy@...l.telepac.pt>
To: bugtraq@...urityfocus.com
Subject: Re: Internet Explorer URL parsing vulnerability
It does also apply to Mozilla Firebird 0.7.
John W. Noerenberg II wrote:
> This exploit also applies to the Macintosh version of Explorer
> v5.2.3(5815.1)
>
>> From: <bugtraq@...thedingbat.com>
>> To: bugtraq@...urityfocus.com
>> Subject: Internet Explorer URL parsing vulnerability
>>
>>
>>
>> Internet Explorer URL parsing vulnerability
>> Vendor Notified 09 December, 2003
>>
>> # Vulnerability ##########
>> There is a flaw in the way that Internet Explorer displays URLs in
>> the address bar.
>>
>> By opening a specially crafted URL an attacker can open a page that
>> appears to be from a different domain from the current location.
>>
>> # Exploit ##########
>> By opening a window using the http://user@...ain nomenclature an
>> attacker can hide the real location of the page by including a 0x01
>> character after the "@" character.
>> Internet Explorer doesn't display the rest of the URL making the page
>> appear to be at a different domain.
>>
>> # POC ##########
>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>
>> # Tested ##########
>> Internet Explorer
>> Version 6.0.2800.1106C0
>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>
>> # Credit ##########
>> Zap The Dingbat
>> http://www.zapthedingbat.com/
>
>
Powered by blists - more mailing lists