Bugtraq: MSIEv6 % encoding causes a problem again

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

MSIEv6 % encoding causes a problem again

From: Liu Die Yu <liudieyuinchina () yahoo com cn>
Date: 3 Sep 2002 12:49:20 -0000



it's about cross-site scripting at MSIEv6 client side using % encoding, 
but not the same as the one by PeaceFire.org which doesn't work on my PC.

[tested]MSIEv6(CN version)
{IEXPLORE.EXE file version: 6.0.2600.0000}
{MSHTML.DLL file version: 6.00.2600.0000} 

[demo]
at 
http://www16.brinkster.com/liudieyu/2FforMSIE/2FforMSIE-MyPage.htm
or 
clik.to/liudieyu ==> 2FforMSIE-MyPage section.

[exp]
%?? in URL is decoded when IE caculates the domain, but not decoded while 
downloading a page.
so
[CODE.URL]http://www.yahoo.com%2F () clik to/liudieyu
(       2F=hex$(asc('/'))       )
leads to clik.to/liudieyu instead of www.yahoo.com, and the domain of it 
www.yahoo.com for IE

Very simple, that's all.

[contact]
liudieyuinchina () yahoo com cn

By Date By Thread

Current thread:

MSIEv6 % encoding causes a problem again Liu Die Yu (Sep 03)
- Re: MSIEv6 % encoding causes a problem again Dave Ahmad (Sep 04)
  - Re: MSIEv6 % encoding causes a problem again jelmer (Sep 04)
    - Re: MSIEv6 % encoding causes a problem again Dave Ahmad (Sep 04)
- MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable Piotr Pawłow (Sep 06)
  - Re: MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable Dirk Mueller (Sep 06)