[Dshield] MSFT Internet Explorer, %01 URL spoofing

Alan Frayer afrayer at frayernet.com
Mon Dec 15 12:42:30 GMT 2003

On Mon, 2003-12-15 at 07:22, Johannes B. Ullrich wrote:

> I just added number labels to each test url at
> http://johannes.homepc.org/ievuln.html to make it easier to identify the
> tests. Maybe I will add a little feedback form later.
> Here are my results from Mozilla and Netscape 7.1 under Linux:
> #4 (inserting spaces) has some success if you hover over the link, as it
> pushes the real URL off the screen.
> #5 (%001) cuts off the URL as I hover.
> All links show the full URL in the URL bar after clicking on them. #4
> (spaces) has some success in pushing the real URL off the screen, but
> there are lots of ugly '%20'. 

Opera under Linux shows the hidden URL in all by #4 and #1 (#1 appears
as a kind of button). Selecting them, however, causes a security warning
to pop up, telling me I'm about to go to a web site with a username in
it, and then shows me the fake name as the username and the real URL as
the server. The real URL then, also, appears in the address bar.

Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
Friends don't let friends use Active Directory
Visit Frayernet - http://www.frayernet.com
Shop at buyneatstuff - http://www.buyneatstuff.net

More information about the list mailing list