Full Disclosure mailing list archives
Re: RE: FWD: Internet Explorer URL parsing vulnerability
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 10 Dec 2003 11:57:04 +1300
Michal Zalewski <lcamtuf () ghettot org> wrote:
> > http://www.microsoft.com%01 () www linux org won't work until you unescape('http://www.microsoft.com%01 () www linux org');
>
> Out of sheer curiosity (no MSIE at hand)... would it work with:
>
> <a href="http://A\x01@B">
>
> ...meaning, put literal ASCII character #001 in a href tag, as opposed to using JavaScript or alikes?

I just posted a reply to the OP's message on Bugtraq about my tests of precisely this (half expect it won't appear there, but...). Unfortunately, I forgot to keep a copy of that message so can't just repost those comments here.

In short, it appears you can use a 0x01 character instead of the "%01 and unescape" combo the OP used.

Further, I looked at using this in an http-equiv=refresh "redirect" situation. In a straight use of that approach, it failed (using either the %01 or 0x01 character method), but worked if you used a script to write the http-equiv=refresh statement into the document.

I don't have a suitable server set-up handy at the moment to test whether it works in a server-side redirect.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
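
A filter-side check for the URL forms discussed in this message (a literal 0x01 in an href, %01 passed to unescape, and a script-written http-equiv=refresh), added here as an example and not part of the original post. The host names, the SAMPLE markup and the function names are constructed for this example; it scans raw markup so that URLs inside script strings are checked too.

```python
import re

# URL token as it would appear in an href, a meta refresh or a script string.
# The class excludes only quotes, angle brackets and ordinary whitespace, so a
# literal 0x01 byte stays inside the token.
URL_TOKEN = re.compile(r'https?://[^ \t\r\n"\'<>]+', re.I)
RAW_CTRL = re.compile(r'[\x00-\x1f\x7f]')
ENC_CTRL = re.compile(r'%(?:[01][0-9a-f]|7f)', re.I)

def check_url(url):
    """Return (real_host, reasons) if the URL has a userinfo part, else None."""
    # The authority ends at the first '/', '?' or '#'; an '@' after that point
    # (for example in a query string) is not userinfo.
    authority = re.split(r'[/?#]', url.split('://', 1)[1], maxsplit=1)[0]
    if '@' not in authority:
        return None
    userinfo, _, host = authority.rpartition('@')
    reasons = ['userinfo']
    if RAW_CTRL.search(userinfo):
        reasons.append('raw-control-char')
    if ENC_CTRL.search(userinfo):
        reasons.append('encoded-control-char')
    return host, reasons

def scan(markup):
    """Check every URL token in the markup, including ones inside scripts."""
    results = []
    for m in URL_TOKEN.finditer(markup):
        hit = check_url(m.group(0))
        if hit:
            results.append((m.group(0),) + hit)
    return results

# Constructed sample covering the three forms discussed in the thread,
# plus one harmless URL with '@' in its query string.
SAMPLE = (
    '<a href="http://trusted.example\x01@other.example/login">a</a>\n'
    "<script>location = unescape('http://trusted.example%01@other.example/');</script>\n"
    '<script>document.write(\'<meta http-equiv="refresh" '
    'content="0;url=http://trusted.example%01@other.example/">\');</script>\n'
    '<a href="http://trusted.example/page?mail=a@b.example">ok</a>\n'
)

if __name__ == '__main__':
    for url, host, reasons in scan(SAMPLE):
        print(repr(url), '-> connects to', host, reasons)
```
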