IE bug lets fake sites look real


Kwitko
11 Dec 2003, 8:20pm
Savvy Web surfers often figure out the ruse from irregularities in the Web address. But in the method described by Secunia, IE could allow the address bar for the spoofed eBay site, for example, to read "ebay.com."


Article: http://rss.com.com/2100-7355_3-5119440.html?part=rss&tag=feed&subj=news

Proof of concept: http://www.zapthedingbat.com/security/ex01/vun1.htm

t1rhino
11 Dec 2003, 8:29pm
That's pretty cool!

drasnor
11 Dec 2003, 8:32pm
It doesn't appear to be working in the latest build of Avant Browser, which is odd because Avant uses IE for its web core.

-drasnor :fold:

Kwitko
11 Dec 2003, 8:40pm
Yes, I noticed that too. That's certainly a positive mark for AB.

a2jfreak
11 Dec 2003, 8:49pm
Just another reason I use a Gecko browser.

croc_
11 Dec 2003, 9:09pm
The bug works in Firebird....

Nvm, I'm blind.

EMT
11 Dec 2003, 9:46pm
Clever :)

Thrax
11 Dec 2003, 9:48pm
Very clever.

Straight_Man
11 Dec 2003, 10:08pm
Yes, Microsoft IE accepts UTF8 in web addresses. That is where the %01 and %20 come from (but %20 is a valid character in UTF8, and AFAIK so is %01).

The problem is, FrontPage can gen sites with UTF8 depending on what version is used, and deliberate insertions of UTF8 are accepted by many browsers. IE and some Mozillas have an autoparse routine for UTF8, i.e. they understand it. So, unless UTF8 is dropped, Microsoft is stuck as far as completely killing this kind of thing.

AND, IE can parse email addresses, and try to autosearch for the domain corresponding to the email address with whatever search engine it is told to use. To stop that would be to take away IE or cripple IE's site autosearch, so Microsoft has a tough nut to crack to fix in browser. BE CAREFUL about where you buy on the web, and if you cannot query a request for info, or an order, promptly, tell your bank what has happened. Good ones will treat such as lost or stolen cards and the number you entered will vaporize from validity. That is the only way I know to totally fix this until MS does a rewrite of IE and some of its production software from scratch as far as searching and UTF8 stuff.

Also, if you get trapped like this, look for trojans with AV software and if it happens often turn off autocomplete which will let you manually search but can also, if you turn off the searching by deselecting the search engines to autouse and use only known search engines in IE with directly entered search engine addresses, give you a way to limit this a lot. You may also find a switch to disable UTF8 functionality, if that is still in IE-- and it must be still in there in combination with a DNS redirect in a search engine or ISP DNS server or DNS redirect service if IE 6 can do this with that input.

John.
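
A defender-side check related to the %01 and %20 mentioned in the post above, added here as an example and not part of the thread or the Secunia advisory: it flags links whose authority (host) portion contains percent-encoded control or space bytes, and reports the host that would actually be contacted. The function names and the sample URLs (reserved example domains) are constructed, and the userinfo flag is a general hardening rule assumed here, not something stated in the thread.

```python
import re
from urllib.parse import urlsplit

# Percent-escapes for control bytes, space and DEL: %00-%1F, %20, %7F.
_SUSPECT_ESCAPE = re.compile(r"%(?:[01][0-9A-Fa-f]|20|7[Ff])")


def audit_link(url):
    """Return a list of findings about the authority part of a URL."""
    netloc = urlsplit(url).netloc
    findings = []
    # Escapes such as %20 are normal in a path, but not in the authority.
    escapes = sorted({m.group(0).upper() for m in _SUSPECT_ESCAPE.finditer(netloc)})
    if escapes:
        findings.append("encoded control/space in authority: " + ", ".join(escapes))
    # Unencoded control characters or spaces in the authority.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in netloc):
        findings.append("raw control/space character in authority")
    # Anything before '@' is userinfo, not the site being visited.
    if "@" in netloc:
        findings.append("userinfo present before host")
    return findings


def real_host(url):
    """Host that will actually be contacted, regardless of what is displayed."""
    return urlsplit(url).hostname


# Constructed sample links for a mail or proxy filter to evaluate.
SAMPLES = [
    "http://www.example.com/my%20page.html",
    "http://www.example.com%01%20@login.example.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", real_host(link), audit_link(link) or "clean")
```
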

Omega65
12 Dec 2003, 10:36am
The bug doesn't affect Netscape v7.1 :)

Enverex
12 Dec 2003, 10:59am
I clicked their test and was wondering why it didn't work. At that point I realised I was using Firebird :)

Firebird accepts %whatever for things as I use it in my site, but this exploit doesn't work.

NS

LawnMM
12 Dec 2003, 2:08pm
Omega65 had this to say
The bug doesn't affect Netscape v7.1 :)

Sure doesn't.