[Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Clint Bodungen
clint at secureconsulting.com
Tue Dec 9 21:30:00 GMT 2003
Well, using a straight link like the following works in an HTML email... but
not on a web page:
<a href="http://www.microsoft.com%01@www.linux.org">Microsoft</a>
However, using this approach still allows the user to see the absolute URL
path in the task bar (with the %01 ommitted).
On the other hand... using the button and "unescape()" approach such as the
original example from this thread works from a web page but not from an HTML
email.
----- Original Message -----
From: "S G Masood" <sgmasood at yahoo.com>
To: "Exibar" <exibar at thelair.com>; <full-disclosure at lists.netsys.com>
Sent: Tuesday, December 09, 2003 1:00 PM
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability
>
> --- Exibar <exibar at thelair.com> wrote:
> > my favorite will be this one that I'm sure will
> > circulate:
> >
> > http://www.microsoft.com%01@www.linux.org
> >
> > :-)
>
> http://www.microsoft.com%01@www.linux.org
> wont work until you
> unescape('http://www.microsoft.com%01@www.linux.org');
>
Full-Disclosure is hosted and sponsored by Secunia.