Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: John Sage <jsage () finchhaven com>
Date: Thu, 11 Dec 2003 13:07:04 -0800
On Thu, Dec 11, 2003 at 07:20:14PM +0000, petard wrote:
> From: petard <petard () freeshell org>
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Re: Internet Explorer URL parsing vulnerability
> User-Agent: Mutt/1.4.1i
> Date: Thu, 11 Dec 2003 19:20:14 +0000
>
> On Thu, Dec 11, 2003 at 11:49:07AM -0600, Schmehl, Paul L wrote:
> > Hey, I like that one. That's the first time I've even been to slashdot and see www.microsoft.com in the address bar. :-)
>
> It gets better... it works with SSL sites as well. The little lock, and no warning message: http://petard.freeshell.org/hotmail-pr.html

It's interesting to note that, for Opera 7.11 under Linux, not only does Opera return a dialog box asking for confirmation, but that in the title bar the 0x01 is actually displayed at its proper location in the URL...

(see attached 0x01_url_before.png)

Upon confirming the dialog, Opera displays the following in the address bar:

https://www.hotmail.com @www.hushmail.com/

with an actual gap of some sort between the www.hotmail.com and the @

thus: (see attached 0x01_url_after.png)

- John
--
"Most people don't type their own logfiles; but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended for the sole use of its recipients only. If you read it even though you know you aren't supposed to, you're a poopy-head.
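A defensive check for the URL form discussed in this thread, added here as an example and not part of any poster's message: it reports the host a link actually resolves to, flags userinfo that contains a control byte such as 0x01 (raw or percent-encoded), and renders the byte visibly, as the Opera title bar described above did. The function names and the `trusted.example` / `other.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


def _is_control(ch):
    """True for C0 control characters and DEL."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def audit_url(url):
    """Return (real_host, findings) for a link before it is displayed or followed."""
    parts = urlsplit(url)
    netloc = parts.netloc
    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo = netloc.rpartition("@")[0] if "@" in netloc else ""
    decoded = unquote(userinfo)  # catches %01 as well as a raw 0x01 byte
    findings = []
    if userinfo:
        findings.append("userinfo-present")
    if any(_is_control(c) for c in decoded):
        findings.append("control-char-in-userinfo")
    # A dotted name in the user part (before any ':password') imitates a host.
    user = "".join(c for c in decoded.split(":")[0] if not _is_control(c))
    if "." in user:
        findings.append("userinfo-looks-like-hostname")
    return parts.hostname, findings


def safe_display(url):
    """Render the URL with control bytes escaped so nothing is silently hidden."""
    return "".join(f"\\x{ord(c):02x}" if _is_control(c) else c for c in url)


if __name__ == "__main__":
    # Constructed sample links.
    samples = [
        "https://trusted.example\x01@other.example/",
        "https://trusted.example%01@other.example/",
        "https://other.example/login",
    ]
    for s in samples:
        host, findings = audit_url(s)
        print(safe_display(s), "->", host, findings)
```
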
Current thread:
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability, (continued)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability Schmehl, Paul L (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)
- RE: Re: Internet Explorer URL parsing vulnerability Funk Jr, Joseph C. (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Jarkko Turkulainen (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Schmehl, Paul L (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability John Sage (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Erik van Straten (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 12)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)