Internet Explorer URL Spoofing Vulnerability
#1
New issues with MS IE
And MS are not doing any patches this month
http://www.secunia.com/advisories/10395/
Internet Explorer URL Spoofing Vulnerability
Secunia Advisory: SA10395
Release Date: 2003-12-09
Critical: Moderately critical
Impact: ID Spoofing
Where: From remote
Software: Microsoft Internet Explorer 6
Description:
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address bar.
The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in a URL.
Successful exploitation allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address bar, which is different from the actual location of the page.
This can be exploited to trick users into divulging sensitive information or downloading and executing malware on their systems, because they trust the faked domain in the address bar.
Example displaying only "http://www.trusted_site.com" in the address bar when the real domain is "malicious_site.com":
http://www.trusted_site.com%01@malicious_site.com/malicious.html
The vulnerability has been confirmed in version 6.0. However, prior versions may also be affected.
Solution:
Filter malicious characters and character sequences in a proxy server or firewall with URL filtering capabilities.
Don't follow links from untrusted sources.
[Edited by Nicks VR4 - 12/10/2003 3:26:45 PM]
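The proxy-side URL filtering suggested under "Solution" could be implemented along these lines. This is an added example, not part of the original post or the Secunia advisory; the function name `inspect_url`, the verdict names and every sample URL except the advisory's own are assumptions made here. It goes slightly beyond the "%01" case by blocking any control byte before the "@" and by warning on userinfo that is shaped like a host name.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# C0 control bytes and DEL: never legitimate in the userinfo part of a URL.
CONTROL_BYTES = frozenset(range(0x00, 0x20)) | {0x7F}


def inspect_url(url):
    """Classify a requested URL; returns (verdict, real_host, reason)."""
    parts = urlsplit(url)
    real_host = parts.hostname  # the host the client will actually contact
    userinfo, at, _ = parts.netloc.rpartition("@")
    if not at:
        return ("allow", real_host, "no userinfo")
    # Percent-decode so that "%01" and a raw 0x01 byte are treated alike.
    decoded = unquote_to_bytes(userinfo)
    bad = sorted(b for b in set(decoded) if b in CONTROL_BYTES)
    if bad:
        codes = ", ".join("%%%02X" % b for b in bad)
        return ("block", real_host, "control byte(s) %s before '@'" % codes)
    # Userinfo shaped like a host name is misleading even without %01.
    name = decoded.split(b":", 1)[0].decode("ascii", "replace")
    if "." in name:
        return ("warn", real_host, "userinfo %r looks like a host name" % name)
    return ("allow", real_host, "userinfo present")


if __name__ == "__main__":
    # First URL is the advisory's example; the rest are constructed samples.
    samples = [
        "http://www.trusted_site.com%01@malicious_site.com/malicious.html",
        "http://www.trusted_site.com@malicious_site.com/",
        "ftp://user:pass@ftp.example.com/file",
        "http://example.com/index.html",
    ]
    for sample in samples:
        verdict, host, reason = inspect_url(sample)
        print("%-5s real host=%s (%s)" % (verdict, host, reason))
```

Logging the real host next to the verdict lets an operator see where a blocked link would actually have gone.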
#3
Scooby Regular
I've heard that other browsers suffer this vulnerability as well! Proof of concept at http://www.zapthedingbat.com/security/ex01/vun1.htm
#4
Scooby Regular
Not that I'm bored or anything but,
Opera 6.03 OS X shows a blank in place of the hex char
Safari 1.1.1 OS X didn't do anything at all upon pressing the button
Opera 7.2 for Windows shows a square in place of the hex char
Opera 6.04 for Windows does the same as 7.2
No X server on the Linux machines or Solaris machines so I can't test.