Vulnerability Development mailing list archives
RE: Proxy bypass in Opera : security related ?
From: "Darren W. MacDonald" <darrydoo () sympatico ca>
Date: Wed, 5 Dec 2001 22:38:24 -0500
Poor browsers, confused into thinking that this is Intranet traffic because it's dotless... <sigh> See MS KB Q306121 and MS Security Bulletin MS01-051 for details and a patch for IE. HTH Darren
-----Original Message----- From: maillist [mailto:maillist () go ro] Sent: Wednesday, December 05, 2001 1:25 PM To: vuln-dev () securityfocus com Subject: Re: Proxy bypass in Opera : security related ? Hi, I don't know if that's a problem caused only by Opera, I found that
'bug'
surfing with IE (6.0) too. Trying to acces diffrent web pages, some of them listed my real IP
address
insted of proxy address. (e.g. trying to make an account at www.ifriends.com). It might be a 'bug' in Opera/IE or a 'high security' web page. ----- Original Message ----- From: "Nicolas Gregoire" <ngregoire () exaprobe com> To: <vuln-dev () securityfocus com> Sent: Wednesday, December 05, 2001 11:22 AM Subject: Proxy bypass in Opera : security related ?Hi, while I was trying to bypass some URL filtering software using
specially
formated URLs, I found a problemin the Opera browser. This bug was reported to Opera via their bug notification form, but
I
haven't receive any response so far.Details : ====== When the URL http://3638218280/ is requested, Opera will try to
fetch to
page located athttp://216.218.206.40/ (normal DWord to IP address conversion [1])*without* using the configuredproxy settings. Scenario : ========= I haven't any really interesting scenario for this bug. Yes, it's possible to make a user follow a link and get a page
without
using the configured proxy, but if,in a company, there's a proxy and a way to fetch web pages without
using
the proxy, the problem is,in my opinion, a security policy problem .... Does anybody see any security implication for this bug ? Nicolas Grégoire [2] [1] : http://www.fichtner.net/tools/ip2dword/ [2] : Please excuse my poor english
Current thread:
- Proxy bypass in Opera : security related ? Nicolas Gregoire (Dec 05)
- Re: Proxy bypass in Opera : security related ? maillist (Dec 05)
- RE: Proxy bypass in Opera : security related ? Darren W. MacDonald (Dec 05)
- Re: Proxy bypass in Opera : security related ? Valdis . Kletnieks (Dec 05)
- Re: Proxy bypass in Opera : security related ? maillist (Dec 05)