I don't see this problem with Mozilla Firebird 0.7. It displays the
whole URL including the %01 and everything after the @ symbol.

Will.

Pedro Castro wrote:
> It does also apply to Mozilla Firebird 0.7.
>
>
>
> John W. Noerenberg II wrote:
>
>> This exploit also applies to the Macintosh version of Explorer
>> v5.2.3(5815.1)
>>
>>> From: <bugtraq (at) zapthedingbat (dot) com [email concealed]>
>>> To: bugtraq (at) securityfocus (dot) com [email concealed]
>>> Subject: Internet Explorer URL parsing vulnerability
>>>
>>>
>>>
>>> Internet Explorer URL parsing vulnerability
>>> Vendor Notified 09 December, 2003
>>>
>>> # Vulnerability ##########
>>> There is a flaw in the way that Internet Explorer displays URLs in
>>> the address bar.
>>>
>>> By opening a specially crafted URL an attacker can open a page that
>>> appears to be from a different domain from the current location.
>>>
>>> # Exploit ##########
>>> By opening a window using the http://user@domain nomenclature an
>>> attacker can hide the real location of the page by including a 0x01
>>> character after the "@" character.
>>> Internet Explorer doesn't display the rest of the URL making the page
>>> appear to be at a different domain.
>>>
>>> # POC ##########
>>> http://www.zapthedingbat.com/security/ex01/vun1.htm
>>>
>>> # Tested ##########
>>> Internet Explorer
>>> Version 6.0.2800.1106C0
>>> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>>>
>>> # Credit ##########
>>> Zap The Dingbat
>>> http://www.zapthedingbat.com/
>>
>>
>>
>

[ reply ]