> This exploit also applies to the Macintosh version of Explorer
> v5.2.3(5815.1)
>
>> From: <bugtraq (at) zapthedingbat (dot) com [email concealed]>
>> To: bugtraq (at) securityfocus (dot) com [email concealed]
>> Subject: Internet Explorer URL parsing vulnerability
>>
>>
>>
>> Internet Explorer URL parsing vulnerability
>> Vendor Notified 09 December, 2003
>>
>> # Vulnerability ##########
>> There is a flaw in the way that Internet Explorer displays URLs in
>> the address bar.
>>
>> By opening a specially crafted URL an attacker can open a page that
>> appears to be from a different domain from the current location.
>>
>> # Exploit ##########
>> By opening a window using the http://user@domain nomenclature an
>> attacker can hide the real location of the page by including a 0x01
>> character after the "@" character.
>> Internet Explorer doesn't display the rest of the URL making the page
>> appear to be at a different domain.
>>
>> # POC ##########
>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>
>> # Tested ##########
>> Internet Explorer
>> Version 6.0.2800.1106C0
>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>
>> # Credit ##########
>> Zap The Dingbat
>> http://www.zapthedingbat.com/
>
>
John W. Noerenberg II wrote:
> This exploit also applies to the Macintosh version of Explorer
> v5.2.3(5815.1)
>
>> From: <bugtraq (at) zapthedingbat (dot) com [email concealed]>
>> To: bugtraq (at) securityfocus (dot) com [email concealed]
>> Subject: Internet Explorer URL parsing vulnerability
>>
>>
>>
>> Internet Explorer URL parsing vulnerability
>> Vendor Notified 09 December, 2003
>>
>> # Vulnerability ##########
>> There is a flaw in the way that Internet Explorer displays URLs in
>> the address bar.
>>
>> By opening a specially crafted URL an attacker can open a page that
>> appears to be from a different domain from the current location.
>>
>> # Exploit ##########
>> By opening a window using the http://user@domain nomenclature an
>> attacker can hide the real location of the page by including a 0x01
>> character after the "@" character.
>> Internet Explorer doesn't display the rest of the URL making the page
>> appear to be at a different domain.
>>
>> # POC ##########
>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>
>> # Tested ##########
>> Internet Explorer
>> Version 6.0.2800.1106C0
>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>
>> # Credit ##########
>> Zap The Dingbat
>> http://www.zapthedingbat.com/
>
>
[ reply ]