Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: IE URL obfuscation
From: Donovan Bernauer (donovanDONOVANB.COM)
Date: Wed Dec 10 2003 - 14:06:07 CST
Normal c strings terminate at the first NULL char. This is the way IE reads
the current address when it writes to the address bar.
When using a browser shell, the shell uses COM and B-strings to get the info
from IE, and this properly handles the NULL char.
If you folks right-click the web page in question,
And select 'properties', you'll see the correct address is really known by
IE - it's just the presentation code for the address bar that's goofed.
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM] On Behalf Of Martin Christopher
Sent: Wednesday, December 10, 2003 7:08 AM
Subject: Re: IE URL obfuscation
This appears to be another case of 'Vanilla' IE implementations being
vulnerable to the 'ploit, but browsers with extensions / additions being
I am running the SlimBrowser enhancements for IE and it showed the url up
http://www.microsoft.com zapthedingbat.com/security/ex01/vun2.htm (exactly
I would hypothesize that the results of this test are related to the
character sets installed on your machine / browser.
*/ The clock it ticking
and from now on we are keeping score /*
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa. Promotion expires
12/31/03 and cannot be used in combination with other offers.