Page last updated:
2003 Dec 09 21:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] New phishing vulnerability


There was a thread[1] about 2 months ago about email scams and making URLs
look innocent, mostly by putting the site you're trying to look like in as
a username in your URL i.e. http://www.ebay.com@hackedsite.com/scam.html

I thought today's Internet Explorer vulnerability might be of interest...
This came across bugtraq-digest today.

The quick synopsis: add a 0x01 character (HTML %01) to a URL and MSIE will
not display anything after that character in the URL bar. Their exploit
link is
http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm which
shows as http://www.microsoft.com in IE. They tested on 6.0 with SP1 and
other patches... I've verified it on my wife's computer running IE 5.0.


Subject: Internet Explorer URL parsing vulnerability
Date:    Tue, December 9, 2003 8:44 am
To:      bugtraq@securityfocus.com

Internet Explorer URL parsing vulnerability
Vendor Notified 09 December, 2003

# Vulnerability ##########
There is a flaw in the way that Internet Explorer displays URLs in the
address bar.

By opening a specially crafted URL an attacker can open a page that
appears to be from a different domain from the current location.

# Exploit ##########
By opening a window using the http://user@domain nomenclature an attacker
can hide the real location of the page by including a 0x01 character after
the "@" character. Internet Explorer doesn't display the rest of the URL,
making the page appear to be at a different domain.

# POC ##########
http://www.zapthedingbat.com/security/ex01/vun1.htm

# Tested ##########
Internet Explorer
Version 6.0.2800.1106C0
Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145

# Credit ##########
Zap The Dingbat
http://www.zapthedingbat.com/



[1]
[vox-tech] one of the most pernicious spams i've ever seen.
http://lugod.org/mailinglists/archives/vox-tech/2003-09/msg00172.html
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
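The post describes two separate things: the RFC 3986 rule that everything before the last "@" in the authority is userinfo rather than the host, and an address bar that stops rendering at the first control character. The following JavaScript is an added example written for this archive page; it is not code from the post, the advisory, or IE. It parses the two URLs quoted in the post, simulates the truncating display the advisory describes (a simulation, not IE's actual rendering code), and returns a verdict a link checker could act on. The `classify` labels and the "userinfo looks like a hostname" heuristic are this example's own assumptions; only hostnames and IPv4 literals are handled (no IPv6 brackets).

```javascript
// Added example, not from the original post or advisory.
// Contrast the host an http URL really resolves to with the prefix a renderer
// would show if it stopped drawing at the first control character.

const POC_URL   = "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm"; // from the post
const PLAIN_URL = "http://www.ebay.com@hackedsite.com/scam.html";                           // from the post

// RFC 3986 section 3: scheme "://" authority path [?query] [#fragment].
// Assumes a hostname or IPv4 literal; IPv6 bracket syntax is not handled.
function splitUrl(url) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]*)([^?#]*)(\?[^#]*)?(#.*)?$/i.exec(url);
  if (!m) throw new Error("not a hierarchical URL: " + url);
  const authority = m[2];
  // The LAST "@" terminates userinfo, so "a@b@host" still yields host "host".
  const at = authority.lastIndexOf("@");
  const userinfo = at === -1 ? null : authority.slice(0, at);
  const hostport = at === -1 ? authority : authority.slice(at + 1);
  const colon = hostport.lastIndexOf(":");
  const host = colon === -1 ? hostport : hostport.slice(0, colon);
  const port = colon === -1 ? null : hostport.slice(colon + 1);
  return { scheme: m[1].toLowerCase(), userinfo, host: host.toLowerCase(), port, path: m[3] || "/" };
}

// Percent-decode byte-wise; malformed escapes are left untouched.
function percentDecode(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// C0 controls (0x00-0x1F) and DEL (0x7F) never belong in a URL; RFC 3986 does
// not allow them raw, and nothing legitimate percent-encodes them into userinfo.
function hasControlChars(s) {
  return /[\x00-\x1f\x7f]/.test(s);
}

// Simulate the flawed address bar: decode, then stop at the first control byte.
function naiveDisplay(url) {
  const decoded = percentDecode(url);
  const m = /[\x00-\x1f\x7f]/.exec(decoded);
  return m ? decoded.slice(0, m.index) : decoded;
}

function assessUrl(url) {
  const parts = splitUrl(url);
  const shown = naiveDisplay(url);
  const userinfoDecoded = parts.userinfo === null ? "" : percentDecode(parts.userinfo);
  // Cross-check the hand parser against the WHATWG parser built into Node and browsers.
  const whatwgHost = new URL(url).hostname;
  return {
    realHost: parts.host,
    whatwgAgrees: whatwgHost === parts.host,
    hasUserinfo: parts.userinfo !== null,
    // Heuristic (this example's assumption): userinfo shaped like a domain name.
    userinfoLooksLikeHost: /^[a-z0-9.-]+\.[a-z]{2,}/i.test(userinfoDecoded),
    controlInUserinfo: hasControlChars(userinfoDecoded),
    shown,
    // Spoofed if the truncated display omits the real host entirely.
    spoofed: !shown.toLowerCase().includes(parts.host),
  };
}

// One-word verdict for a mail filter or link checker (labels are this example's own).
function classify(url) {
  const a = assessUrl(url);
  if (a.spoofed) return "spoofed-display";
  if (a.hasUserinfo && a.userinfoLooksLikeHost) return "host-lookalike-userinfo";
  if (a.hasUserinfo) return "userinfo-present";
  return "ok";
}

for (const u of [POC_URL, PLAIN_URL]) {
  const a = assessUrl(u);
  console.log(`${classify(u).padEnd(24)} shown=${JSON.stringify(a.shown)} real host=${a.realHost}`);
}
```

For the PoC URL the hand parser and `new URL()` agree that the request goes to zapthedingbat.com while the truncated display reads `http://www.microsoft.com`; the plain eBay-style URL from the earlier thread is not truncated, but it still carries a domain-shaped userinfo, which is reason enough for a filter to flag it.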



LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.