[Dshield] MSFT Internet Explorer, %01 URL spoofing
Johannes B. Ullrich
jullrich at sans.org
Mon Dec 15 12:22:53 GMT 2003
> Some Bugtraq members have reported Mozilla / Firebird and Opera as
> vulnerable, others have reported these browsers as not vulnerable.
I just added number labels to each test url at
http://johannes.homepc.org/ievuln.html to make it easier to identify the
tests. Maybe I will add a little feedback form later.
Here are my results from Mozilla and Netscape 7.1 under Linux:
#4 (inserting spaces) has some success if you hover over the link, as it
pushes the real URL off the screen.
#5 (%001) cuts off the URL as I hover.
All links show the full URL in the URL bar after clicking on them. #4
(spaces) has some success in pushing the real URL off the screen, but
there are lots of ugly '%20'.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 786 1563
fax: (617) 786 1550 jullrich at sans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031215/5acc515f/attachment.bin
More information about the list