|
Vulnerability Development
mailing list archives
Re: help:// protocol in Windows XP Prof
From: Bartosz Kwitkowski <bartosz () wb pl>
Date: 8 Jul 2004 07:46:31 -0000
In-Reply-To: <20040706093616.16342.qmail () www securityfocus com>
Microsoft Security says about it:
"It is a usability feature where IE is trying to "guess" the intended protocol. For example, "httq:" or "htt?" where
"?" is any character will work as well. It does look funny but the results are that most users are sent to the URL
they were expecting."
I'd like to add some URLs...
The same thing is with ALL other protocols:
res:,mailto:,http:,https:,file:shell: (srall:)....
IE can guess much more than one missing char. IE is really "smart",
you can type httpds://wb.pl/bartosz and it will open http://...
Jordan Cole wrote:
"If you could get it to work in a link, it would make for a good
exploit... "Click here to read the help file for this application."
Have that link to a malware-enabled website or something similar, and
you've got another unsuspecting user infected.
On the other hand, you could just create a link that /appears/ to be
pointing to a help:// url...
"
Hmmm... We can trick user but what than?
"PLEASE DOWNLOAD THIS FILE AND EXEC IT"...?
:-)
Regards,
Bartosz
 By Date 
By Thread
Current thread:
- Re: help:// protocol in Windows XP Prof, (continued)
|
Intro
