Bugtraq mailing list archives

Re: Apple Safari: idn urlbar spoofing

From: Robert Swiecki <jagger () swiecki net>
Date: Mon, 25 Jun 2007 22:33:19 +0200


With a specially crafted web page, an attacker can redirect
a www browser to the page, which URL (on the address bar) resembles an
arbitrary domain choosen by the attacker.

It is possible due to the fact, that apple safari supports
IDNs - http://en.wikipedia.org/wiki/Internationalized_domain_name -
and some of the UTF8 font glyphs embedded in the safari, could be used
to create an URL which contains whitespaces.

http://alt.swiecki.net/saft1.html

The picture taken on my system:
http://alt.swiecki.net/idn.png

Tested with Apple Safari 3.0.2 (522.13.1) on MS Windows 2003 SE SP2

-- 
Robert Swiecki
http://www.swiecki.net

Current thread:

Apple Safari: cookie stealing Robert Swiecki (Jun 13)
- Re: [Full-disclosure] Apple Safari: cookie stealing Michal Zalewski (Jun 13)
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Robert Swiecki (Jun 15)
  - Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Mark Senior (Jun 15)
  - Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 25)
    - RE: [Full-disclosure] Apple Safari: idn urlbar spoofing Larry Seltzer (Jun 25)
    - Re: [Full-disclosure] Apple Safari: idn urlbar spoofing Michal Zalewski (Jun 25)
    - Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 27)