Page last updated:
2003 Dec 09 21:26

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] New phishing vulnerability


I use old browsers. MSIE 5.50 and Netscape 4.77 both work OK for me.
(i.e. http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm
displays on the address line for both)

- Larry

At 01:54 PM 12/9/03 -0600, you wrote:
>There was a thread[1] about 2 months ago about email scams and making URLs
>look innocent, mostly by putting the site you're trying to look like in as
>a username in your URL i.e. http://www.ebay.com@hackedsite.com/scam.html
>
>I thought today's Internet Explorer vulnerability might be of interest...
>This came across bugtraq-digest today.
>
>The quick synopsis: add a 0x01 character (HTML %01) to a URL and MSIE will
>not display anything after that character in the URL bar. Their exploit
>link is
>http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm which
>shows as http://www.microsoft.com in IE. They tested on 6.0 with SP1 and
>other patches...I've verified it on my wife's computer running IE 5.0
>
>
>Subject: Internet Explorer URL parsing vulnerability
>Date:    Tue, December 9, 2003 8:44 am
>To:      bugtraq@securityfocus.com
>
>Internet Explorer URL parsing vulnerability
>Vendor Notified 09 December, 2003
>
># Vulnerability ##########
>There is a flaw in the way that Internet Explorer displays URLs in the
>address bar.
>
>By opening a specially crafted URL an attacker can open a page that
>appears to be from a different domain from the current location.
>
># Exploit ##########
>By opening a window using the http://user@domain nomenclature an attacker
>can hide the real location of the page by including a 0x01 character
>after the "@" character. Internet Explorer doesn't display the rest of
>the URL, making the page appear to be at a different domain.
>
># POC ##########
>http://www.zapthedingbat.com/security/ex01/vun1.htm
>
># Tested ##########
>Internet Explorer
>Version 6.0.2800.1106C0
>Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>
># Credit ##########
>Zap The Dingbat
>http://www.zapthedingbat.com/
>
>
>
>[1]
>[vox-tech] one of the most pernicious spams i've ever seen.
>http://lugod.org/mailinglists/archives/vox-tech/2003-09/msg00172.html
>_______________________________________________
>vox-tech mailing list
>vox-tech@lists.lugod.org
>http://lists.lugod.org/mailman/listinfo/vox-tech
>
>

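As an added, defender-side illustration (not part of Larry's reply or of the quoted bugtraq advisory), the following Python script parses a URL the way RFC 2396 and browsers do, reports the host a client would actually connect to, and flags the two tricks the thread describes: a dotted "hostname" placed in the userinfo before the "@", and a raw or percent-encoded control character such as %01 in the authority. It relies only on Python's standard urllib.parse; the indicator code names and the sample URL list are my own, though the URLs themselves are the ones quoted in the thread.

```python
import re
from urllib.parse import urlsplit, unquote

# C0 control characters (0x00-0x1F) and DEL (0x7F), either raw in the
# string or percent-encoded as %00-%1F / %7F.
RAW_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
ENCODED_CONTROL = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])")


def effective_host(url: str) -> str:
    """Return the host a client really connects to.

    RFC 2396 puts userinfo before the last '@' of the authority, so
    everything in front of that '@' is a credential, not a destination.
    urlsplit() applies the same rule, which is what a browser does too.
    """
    return (urlsplit(url).hostname or "").lower()


def spoofing_indicators(url: str) -> list:
    """Return indicator codes for URL features that let a link masquerade
    as another site.  An empty list means nothing suspicious was seen.

    Codes (assumed names, chosen for this example):
      userinfo                - an '@' separates userinfo from the host
      userinfo-looks-like-host- the userinfo contains a '.', i.e. reads as
                                a domain name (the www.ebay.com@... trick)
      raw-control-char        - a raw 0x00-0x1F/0x7F byte anywhere in the URL
      encoded-control-char    - a %01-style escape inside the authority,
                                the character the advisory says hides the
                                remainder of the URL in IE's address bar
    """
    parts = urlsplit(url)
    codes = []
    if parts.username is not None:
        codes.append("userinfo")
        # Strip escapes and control bytes to see what a victim would read.
        visible = RAW_CONTROL.sub("", unquote(parts.username))
        if "." in visible:
            codes.append("userinfo-looks-like-host")
    if RAW_CONTROL.search(url):
        codes.append("raw-control-char")
    if ENCODED_CONTROL.search(parts.netloc):
        codes.append("encoded-control-char")
    return codes


def describe(url: str) -> str:
    """One-line human-readable verdict for a URL."""
    codes = spoofing_indicators(url)
    verdict = "SUSPICIOUS" if codes else "ok"
    return "%-10s host=%s indicators=%s" % (verdict, effective_host(url), codes)


if __name__ == "__main__":
    # Constructed sample set: the two URLs quoted in the thread, a raw-0x01
    # variant, and two benign links for comparison.
    samples = [
        "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm",
        "http://www.ebay.com@hackedsite.com/scam.html",
        "http://www.microsoft.com\x01@zapthedingbat.com/",
        "http://user@example.com/",
        "https://www.ebay.com/itm/123",
    ]
    for sample in samples:
        print(describe(sample))
```

The check is deliberately independent of which browser renders the link: a mail gateway or link-rewriting proxy can run it on every URL in a message and either strip the userinfo or hold the message for review, which protects users of an unpatched IE without relying on them reading the address bar carefully.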
