From: maillist (maillist go.ro)
Date: Wed Dec 05 2001 - 12:24:48 CST
Hi,
I don't know if that's a problem caused only by Opera, I found that 'bug'
surfing with IE (6.0) too.
Trying to access different web pages, some of them listed my real IP address
instead of proxy address.
(e.g. trying to make an account at www.ifriends.com).
It might be a 'bug' in Opera/IE or a 'high security' web page.
----- Original Message -----
From: "Nicolas Gregoire" <ngregoire exaprobe.com>
To: <vuln-dev securityfocus.com>
Sent: Wednesday, December 05, 2001 11:22 AM
Subject: Proxy bypass in Opera : security related ?
> Hi,
>
> while I was trying to bypass some URL filtering software using specially
> formatted URLs, I found a problem
> in the Opera browser.
>
> This bug was reported to Opera via their bug notification form, but I
> haven't received any response so far.
>
> Details :
> ======
>
> When the URL http://3638218280/ is requested, Opera will try to fetch the
> page located at
> http://216.218.206.40/ (normal DWord to IP address conversion [1])
> *without* using the configured
> proxy settings.
>
> Scenario :
> =========
>
> I haven't any really interesting scenario for this bug.
> Yes, it's possible to make a user follow a link and get a page without
> using the configured proxy, but if,
> in a company, there's a proxy and a way to fetch web pages without using
> the proxy, the problem is,
> in my opinion, a security policy problem ....
>
>
> Does anybody see any security implication for this bug ?
>
>
> Nicolas Grégoire [2]
>
>
> [1] : http://www.fichtner.net/tools/ip2dword/
> [2] : Please excuse my poor English
>
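
Added example, not part of the original messages: a filter-side canonicalizer that rewrites numeric hosts such as the `3638218280` form quoted above to dotted-quad before any proxy or URL-filter rule is matched. It goes beyond the DWord case in the post to the hex, octal and short dotted forms that inet_aton-style parsers also accept; the function names are hypothetical and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

def _parse_part(part):
    """Parse one host component as inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    low = part.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        raise ValueError("not a numeric component")
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Return the dotted-quad for a numeric host, or None if it is a real name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading components are single bytes; the last one fills the remaining bytes.
    last_max = 256 ** (5 - len(nums)) - 1
    if any(n > 255 for n in nums[:-1]) or nums[-1] > last_max:
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def canonicalize(url):
    """Return (host as a filter should match it, True if the URL hid an IPv4 address)."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    if ip is None:
        return host, False
    return ip, ip != host

if __name__ == "__main__":
    # Constructed sample URLs; the first is the one quoted in the post.
    for u in ("http://3638218280/", "http://0xD8DACE28/", "http://www.example.com/"):
        print(u, "->", canonicalize(u))
```

Matching policy on the canonical host, and logging when the second value is true, gives the proxy and the filter the same view of the destination regardless of how the address was written.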