Microsoft Internet Explorer Zone Spoofing Vulnerability

The following example exploit has been provided by kikkert security <unhackables@hotmail.com>:

Example:

An option in a basic authenticated site is to pass on a username (and/or
password) in the URL like this:

http://mike@msdn.microsoft.com

Another possibility is to convert an IP address into a dotless IP address;
such an address is also called a DWORD address (some proxy servers, routers
or web servers do not allow this).

http://msdn.microsoft.com - IP: 207.46.239.122

Convert this IP address to a DWORD address:

207 * 16777216 = 3472883712
46 * 65536 = 3014656
239 * 256 = 61184
122 * 1 = 122
------------------------------------------------ +
= 3475959674

This DWORD address can be used to visit the site like:

http://3475959674

If we combine the URL login option with the DWORD IP address we'll get the
following URL:

http://mike@3475959674

The browser still thinks we are in the internet zone as expected.

Now we change the @ sign to its ASCII equivalent (%40):


------------------------
http://mike%403475959674
------------------------
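
A defensive check for the URL forms shown above, as an added example that is not part of the original advisory or of the submitted exploit text: it flags a userinfo part, a percent-encoded @ (%40) in the authority, and a dotless DWORD host, and converts the DWORD back to dotted form. The function names and result fields are assumptions made for this illustration.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import unquote

# Authority = everything between "scheme://" and the first "/", "?" or "#".
AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", re.IGNORECASE)


def dotted_to_dword(ip: str) -> int:
    """207.46.239.122 -> 3475959674 (same arithmetic as the advisory)."""
    return int(ipaddress.IPv4Address(ip))


def dword_to_dotted(host: str) -> Optional[str]:
    """Return the dotted quad if host is a decimal 32-bit integer, else None."""
    if not (host.isascii() and host.isdigit()) or len(host) > 10:
        return None
    value = int(host)
    if value > 0xFFFFFFFF:
        return None
    return str(ipaddress.IPv4Address(value))


def inspect_url(url: str) -> dict:
    """Flag the URL features combined in the advisory (hypothetical helper)."""
    match = AUTHORITY.match(url)
    authority = match.group(1) if match else ""
    findings = []
    if "%40" in authority:
        findings.append("encoded-at-sign")
    # Decode first so that "%40" and a literal "@" are treated the same way.
    userinfo, at, hostport = unquote(authority).rpartition("@")
    if at:
        findings.append("userinfo")
    host = hostport.split(":")[0]
    dotted = dword_to_dotted(host)
    if dotted:
        findings.append("dword-host")
    return {"host": host, "dotted": dotted, "findings": findings}


if __name__ == "__main__":
    # Constructed sample input: the URLs quoted in the advisory text.
    for sample in ("http://mike@msdn.microsoft.com", "http://3475959674",
                   "http://mike@3475959674", "http://mike%403475959674"):
        print(sample, inspect_url(sample))
```

A proxy or log pipeline can treat any URL that returns all three findings as suspicious and resolve the dotted form before applying zone or allow-list decisions.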


 

Copyright 2010, SecurityFocus