Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Internet Explorer URL parsing vulnerability
From: "Eric \"MightyE\" Stevens" <trash () mightye org>
Date: Tue, 09 Dec 2003 14:34:34 -0500
IE 6.0.2800.1106.xpsp2.030422-1633 with all the latest updates (SP1; Q822925; Q330994; Q828750; Q824145) is vulnerable. Works like a charm. 

-Eric "MightyE" Stevens
http://lotgd.net

soulshok () hippie dk wrote:


In-Reply-To: <20031209144416.31613.qmail () sf-www2-symnsj securityfocus com>


# Exploit ##########
By opening a window using the http://user () domain nomenclature an attacker can hide the real location of the page by including 
a 0x01 character after the "@" character.
Internet Explorer doesn't display the rest of the URL making the page appear to be at a different domain. 
...

# Tested ##########
Internet Explorer
Version 6.0.2800.1106C0
Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145


Internet Explorer 5.00.3700.1000 (SP4, Q824145) doesn't seem to be vunlerable to this.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]