[Dshield] MSFT Internet Explorer, %01 URL spoofing

Alan Frayer afrayer at frayernet.com
Mon Dec 15 12:42:30 GMT 2003


On Mon, 2003-12-15 at 07:22, Johannes B. Ullrich wrote:

> I just added number labels to each test url at
> http://johannes.homepc.org/ievuln.html to make it easier to identify the
> tests. Maybe I will add a little feedback form later.
> 
> Here are my results from Mozilla and Netscape 7.1 under Linux:
> #4 (inserting spaces) has some success if you hover over the link, as it
> pushes the real URL off the screen.
> 
> #5 (%001) cuts off the URL as I hover.
> 
> All links show the full URL in the URL bar after clicking on them. #4
> (spaces) has some success in pushing the real URL off the screen, but
> there are lots of ugly '%20'. 

Opera under Linux shows the hidden URL in all by #4 and #1 (#1 appears
as a kind of button). Selecting them, however, causes a security warning
to pop up, telling me I'm about to go to a web site with a username in
it, and then shows me the fake name as the username and the real URL as
the server. The real URL then, also, appears in the address bar.


________________________________________________________________________
Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
Friends don't let friends use Active Directory
Visit Frayernet - http://www.frayernet.com
Shop at buyneatstuff - http://www.buyneatstuff.net




More information about the list mailing list