Author Topic: New embarrasing bug discovered in IE  (Read 1130 times)

Xeen

  • VIP
  • Member
  • ***
  • Posts: 1,065
  • Kudos: 55
New embarrasing bug discovered in IE
« on: 12 December 2003, 02:38 »
A new flaw has been found in Microshit's Internet Explorer.

Generally, spoofers lure customers to bogus e-commerce Web sites with the hope of capturing personal information, such as Social Security (news - web sites) and credit-card numbers. A consumer entering www.amazon.com would be redirected to the fake Web site, but "www.amazon.com" would appear in the address bar.

 
quote:
The vulnerability is caused by an input validation error, "which can be exploited by including the '%01' URL encoded representation after the username and right before the '@' character in an URL" Secunia explains in its advisory.  


Looks like Microsoft just cant write software. Period.

http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=5&u=/nf/20031211/tc_nf/22845&sid=95573505

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
New embarrasing bug discovered in IE
« Reply #1 on: 12 December 2003, 05:51 »
Another one?  Jesus.

It doesn't end, does it?
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

Enmity

  • Member
  • **
  • Posts: 116
  • Kudos: 0
New embarrasing bug discovered in IE
« Reply #2 on: 12 December 2003, 08:30 »
TCPA
DMCA
RIAA
LONGHORN

Mix'them together... What do you get?

A BIG FUCKING PILE OF STEAMING SHIT!!!


Zombie9920

  • Member
  • **
  • Posts: 1,309
  • Kudos: 33
New embarrasing bug discovered in IE
« Reply #3 on: 12 December 2003, 12:59 »
Ha

Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
New embarrasing bug discovered in IE
« Reply #4 on: 12 December 2003, 16:25 »
Oh... that's too easy  

It isn't a flaw anyways, and it's not even Internet Explorer or Mozilla's fault.

Example:

http://www.cnn.com%[email protected]:81/dnserror.html

[ December 12, 2003: Message edited by: Refalm ]


flap

  • Member
  • **
  • Posts: 1,268
  • Kudos: 137
New embarrasing bug discovered in IE
« Reply #5 on: 12 December 2003, 20:00 »
It is a flaw. The flaw being that the characters after the %01 character aren't displayed in the address bar (in vulnerable browsers).

[ December 12, 2003: Message edited by: flap ]

"While envisaging the destruction of imperialism, it is necessary to identify its head, which is none other than the United States of America." - Ernesto Che Guevara

http://counterpunch.org
http://globalresearch.ca


WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
New embarrasing bug discovered in IE
« Reply #6 on: 13 December 2003, 22:15 »
quote:
Originally posted by Enmity:
Looks like Mozilla ain't immune
http://www.mozillazine.org/talkback.html?article=4078



I ran the test in Mozilla 1.5 and I don't have the flaw. \o/
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez