Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: New URL spoofing bug in Microsoft Internet Explorer

from [Russ] Network Security [Permanent Link]
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
Date: Fri, 29 Oct 2004 16:19:03 -0400 
Firstly, the way the HTML is written, the href which should display and be used 
is http://www.microsoft.com, the single </a> should be the closing element for 
the first href.

Secondly, on XP SP2 this doesn't work. First, you get an information bar 
warning that content has been blocked. If you mouseover the "Click Here", you 
see www.google.com, not microsoft, in the status bar.

Thirdly, if you allow the blocked content, nothing changes except that one 
linefeed is introduced on the page and the "Click Here" is one line lower. An 
interesting side-effect of allowing the content is that while a mouseover the 
"Click Here" reveals www.google.com, if you slowly move the mouse down you will 
see www.microsoft.com flash in the status bar.

Seems to me we still have the idiotic rendering of incomplete/incorrect HTML, 
the way it does in Outlook. Forget about tags and it will render anything that 
looks like a URL as a URL.

In isolation, the google href may appear to be the most well-formed, but since 
HTML shouldn't be treated as isolated data islands, but instead as a sequence 
from beginning to end, the fact that XP SP2 renders www.google.com as the link 
is just wrong (even if it does mean the spoofing attempt fails.)

Further, if the single </a> tag closes the google href, then how is it possible 
that IE still can put www.microsoft.com in the status bar at all? It has no 
closing tag, so is not well-formed, and shouldn't be treated as a valid 
tag...but IE, even of XP SP2, still thinks its valid (granted, after the 
blocked content has been allowed.) What possible reason would there be to allow 
the rendering of that href???

All works as advertised on non-XP SP2 IE installations.

Cheers,
Russ - Senior Scientist/NTBugtraq Editor
TruSecure Corporation

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New URL spoofing bug in Microsoft Internet Explorer, Benjamin Franz
Next by Date:  Re: New URL spoofing bug in Microsoft Internet Explorer, http-equiv@excite.com
Previous by Thread:  New URL spoofing bug in Microsoft Internet Explorer, Benjamin Franz
Next by Thread:  Re: New URL spoofing bug in Microsoft Internet Explorer, Angus Scott-Fleming
Indexes:  [Date] [Thread] [Top] [All Lists]