Stop Microsoft
All Things Microsoft => Microsoft as a Company => Topic started by: Xeen on 12 December 2003, 02:38
-
A new flaw has been found in Microshit's Internet Explorer.
Generally, spoofers lure customers to bogus e-commerce Web sites with the hope of capturing personal information, such as Social Security (news - web sites) and credit-card numbers. A consumer entering www.amazon.com (http://www.amazon.com) would be redirected to the fake Web site, but "www.amazon.com" would appear in the address bar.
quote:
The vulnerability is caused by an input validation error, "which can be exploited by including the '%01' URL encoded representation after the username and right before the '@' character in an URL" Secunia explains in its advisory.
Looks like Microsoft just cant write software. Period.
http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=5&u=/nf/20031211/tc_nf/22845&sid=95573505 (http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=5&u=/nf/20031211/tc_nf/22845&sid=95573505)
-
Another one? Jesus.
It doesn't end, does it?
-
Looks like Mozilla ain't immune
http://www.mozillazine.org/talkback.html?article=4078 (http://www.mozillazine.org/talkback.html?article=4078)
-
Ha
-
Oh... that's too easy (http://smile.gif)
It isn't a flaw anyways, and it's not even Internet Explorer or Mozilla's fault.
Example:
http://www.cnn.com%[email protected]:81/dnserror.html (http://www.cnn.com%[email protected]:81/dnserror.html)
[ December 12, 2003: Message edited by: Refalm ]
-
It is a flaw. The flaw being that the characters after the %01 character aren't displayed in the address bar (in vulnerable browsers).
[ December 12, 2003: Message edited by: flap ]
-
quote:
Originally posted by Enmity:
Looks like Mozilla ain't immune
http://www.mozillazine.org/talkback.html?article=4078 (http://www.mozillazine.org/talkback.html?article=4078)
I ran the test in Mozilla 1.5 and I don't have the flaw. \o/