lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <66C2E02AE076D711B07A00508B938E3105E5C5@hqmail.bakbone.com>
Date: Wed, 10 Dec 2003 11:43:56 -0800
From: Lance James <lance.james@...bone.com>
To: 'Pedro Castro' <noupy@...l.telepac.pt>, bugtraq@...urityfocus.com
Subject: RE: Internet Explorer URL parsing vulnerability


This also adds another effect, Since it's dropping to the right most url and
it's a parsing issue with the display url, SSL is additionally compromised
for this problem.

Scenario: Fake bank setup in .ru somewhere, attacker has a valid cert that
is signed by a authoritative Trent, and of attacker goes phishing. They
click to go to www.bank.com (looks legit of course, especially now), and it
has their usual SSL login prompt without any warnings. This is not an actual
SSL technical problem, but it adds to the trickery.

-----Original Message-----
From: Pedro Castro [mailto:noupy@...l.telepac.pt] 
Sent: Tuesday, December 09, 2003 4:14 PM
To: bugtraq@...urityfocus.com
Subject: Re: Internet Explorer URL parsing vulnerability

It does also apply to Mozilla Firebird 0.7.



John W. Noerenberg II wrote:

> This exploit also applies to the Macintosh version of Explorer 
> v5.2.3(5815.1)
>
>> From: <bugtraq@...thedingbat.com>
>> To: bugtraq@...urityfocus.com
>> Subject: Internet Explorer URL parsing vulnerability
>>
>>
>>
>> Internet Explorer URL parsing vulnerability
>> Vendor Notified 09 December, 2003
>>
>> # Vulnerability ##########
>> There is a flaw in the way that Internet Explorer displays URLs in 
>> the address bar.
>>
>> By opening a specially crafted URL an attacker can open a page that 
>> appears to be from a different domain from the current location.
>>
>> # Exploit ##########
>> By opening a window using the http://user@...ain nomenclature an 
>> attacker can hide the real location of the page by including a 0x01 
>> character after the "@" character.
>> Internet Explorer doesn't display the rest of the URL making the page 
>> appear to be at a different domain.
>>
>> # POC ##########
>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>
>> # Tested ##########
>> Internet Explorer
>> Version 6.0.2800.1106C0
>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>
>> # Credit ##########
>> Zap The Dingbat
>> http://www.zapthedingbat.com/
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ