[32775] in bugtraq
Re: Internet Explorer URL parsing vulnerability
daemon@ATHENA.MIT.EDU (Pedro Castro)
Wed Dec 10 14:36:44 2003
Message-ID: <3FD66545.5080005@mail.telepac.pt>
Date: Wed, 10 Dec 2003 00:13:57 +0000
From: Pedro Castro <noupy@mail.telepac.pt>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <p0610060cbbfbc11bd807@[129.46.76.119]>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
It does also apply to Mozilla Firebird 0.7.
John W. Noerenberg II wrote:
> This exploit also applies to the Macintosh version of Explorer
> v5.2.3(5815.1)
>
>> From: <bugtraq@zapthedingbat.com>
>> To: bugtraq@securityfocus.com
>> Subject: Internet Explorer URL parsing vulnerability
>>
>>
>>
>> Internet Explorer URL parsing vulnerability
>> Vendor Notified 09 December, 2003
>>
>> # Vulnerability ##########
>> There is a flaw in the way that Internet Explorer displays URLs in
>> the address bar.
>>
>> By opening a specially crafted URL an attacker can open a page that
>> appears to be from a different domain from the current location.
>>
>> # Exploit ##########
>> By opening a window using the http://user@domain nomenclature an
>> attacker can hide the real location of the page by including a 0x01
>> character after the "@" character.
>> Internet Explorer doesn't display the rest of the URL making the page
>> appear to be at a different domain.
>>
>> # POC ##########
>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>
>> # Tested ##########
>> Internet Explorer
>> Version 6.0.2800.1106C0
>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>
>> # Credit ##########
>> Zap The Dingbat
>> http://www.zapthedingbat.com/
>
>
