Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerabi lity
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 12 Dec 2003 10:28:58 +1300
It was written (by whom doesn't really matter):
Check that. With Moz 1.5: Opening in a new *TAB* takes one to MS. Clicking the link takes one to /. with "http://www.microsoft.com%01 () slashdot org/" in the address bar. That's odd.
Not at all. Can you not read HTML source? The page has an href anchor tag (to MS) and a script (with a %01- obfuscated URL to /. that "implicates" MS) on the onclick event for the anchor tag. Thus, clicking the link _IF YOU ARE SILLY ENOUGH TO HAVE SCRIPTING ENABLED_ activates the script that implements the "trick" URL. (Almost) anything else you do in Moz (or a Moz-derived browser) to access that URL will result in the script not being activated and the plain URL in the href argument of the anchor tag being "seen" and/or acted on instead (that is why MS' URL is seen in the status bar ("task bar"?) when you float the mouse over the URL). You should now be able to work the rest out. ... In general, there have been a lot of really badly misinformed comments in this thread. Things that suggest the poster does not understand the userinfo part of the URI RFC; things that suggest the poster has no idea that the "left hand URL" is not a URL at all; and more. Please folk, if you don't know how something works either _ask_ or sit back and read (as the odds are someone will explain it all in plainer language or the penny will otherwise drop within a few more posts anyway). If you are not absolutely sure that you understand how it works, don't post "it works in mozilla" (when it clearly does not) or any of the other myriad (near) clueless responses we've seen. Clueless posts add substantially to the nose and can greatly increase the workload of folk who are now worrying about what, if anything, they can do to reduce their exposure to this. Cheers... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Re: Internet Explorer URL parsing vulnerabi lity David Vincent (Dec 10)
- <Possible follow-ups>
- RE: Re: Internet Explorer URL parsing vulnerabi lity David Vincent (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Frank Knobbe (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Jim Race (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Jim Race (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Heikki Toivonen (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Dave Sherohman (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Nick FitzGerald (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Bill Royds (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity William Warren (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerabi lity Peter Moody (Dec 11)