[Dshield] MSFT Internet Explorer, %01 URL spoofing

Eric Tillery k6az at k6az.com
Sun Dec 14 03:11:23 GMT 2003

At 09:40 PM 12/13/2003, you wrote:
>On Sat, 13 Dec 2003 17:11:27 -0500 Eric Tillery  wrote:
> > One thing that is often overlooked is the ability to right-click
> > on the page and look at the properties. Doing this, the page is
> > clearly a fake:
> >
> > http://www.k6az.com/forums/fakebank_iex6.jpg
>Eric, I found a couple of other tricks, then saw your post and was
>excited. However, your tip (and some of mine, below) do **NOT** work
>with the "%001" URL in http://johannes.homepc.org/ievuln.html (tested
>with latest IE6SP1 on XP and NT4) so it should not be recommended.
>Boy, this is tricky...
>Has Johannes disclosed another vulnerability?

I realized this after posting that message. The only way I have found to find
the true URL in the last site is by looking at the source code of the page.

Once again, Mozilla has given IEX a black eye when it comes to security.
Even the last site shows the full address in the URL bar:


More information about the list mailing list