|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Internet Explorer URL parsing vulnerability
soulshok
hippie.dk
Date: Tue Dec 09 2003 - 11:19:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <20031209144416.31613.qmailsf-www2-symnsj.securityfocus.com>
># Exploit ##########
>By opening a window using the http://userdomain nomenclature an attacker can hide the real location of the page by including a 0x01 character after the "" character.
>Internet Explorer doesn't display the rest of the URL making the page appear to be at a different domain.
...
># Tested ##########
>Internet Explorer
>Version 6.0.2800.1106C0
>Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>
Internet Explorer 5.00.3700.1000 (SP4, Q824145) doesn't seem to be vunlerable to this.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]