IE bug lets fake sites look real

Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
edited December 2003 in Science & Tech
Savvy Web surfers often figure out the ruse from irregularities in the Web address. But in the method described by Secunia, IE could allow the address bar for the spoofed eBay site, for example, to read "ebay.com."

Article: http://rss.com.com/2100-7355_3-5119440.html?part=rss&tag=feed&subj=news

Proof of concept: http://www.zapthedingbat.com/security/ex01/vun1.htm

Comments

  • t1rhino Toronto
    edited December 2003
    That's pretty cool!
  • drasnor Starship Operator Hawthorne, CA Icrontian
    edited December 2003
    It doesn't appear to be working in the latest build of Avant Browser, which is odd because Avant uses IE for its web core.

    -drasnor :fold:
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited December 2003
    Yes, I noticed that too. That's certainly a positive mark for AB.
  • a2jfreak Houston, TX Member
    edited December 2003
    Just another reason I use a Gecko browser.
  • croc_ New
    edited December 2003
    the bug works in firebird....

    nvm im blind.
  • EMT Seattle, WA Icrontian
    edited December 2003
    Clever :)
  • Thrax 🐌 Austin, TX Icrontian
    edited December 2003
    Very clever.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited December 2003
    Yes, Microsoft IE accepts UTF8 in web addresses. That is where the %01 and %20 come from (but %20 is a valid character in UTF8, and AFAIK so is %01).

    The problem is, FrontPage can gen sites with UTF8 depending on what version is used, and deliberate insertions of UTF8 are accepted by many browsers. IE and some Mozillas have an autoparse routine for UTF8, i.e. they understand it. So, unless UTF8 is dropped, Microsoft is stuck as far as completely killing this kind of thing.

    AND, IE can parse email addresses, and try to autosearch for the domain corresponding to the email address with whatever search engine it is told to use. To stop that would be to take away IE or cripple IE's site autosearch, so Microsoft has a tough nut to crack to fix in browser. BE CAREFUL about where you buy on the web, and if you cannot query a request for info, or an order, promptly, tell your bank what has happened. Good ones will treat such as lost or stolen cards and the number you entered will vaporize from validity. That is the only way I know to totally fix this until MS does a rewrite of IE and some of its production software from scratch as far as searching and UTF8 stuff.

    Also, if you get trapped like this, look for trojans with AV software and if it happens often turn off autocomplete which will let you manually search but can also, if you turn off the searching by deselecting the search engines to autouse and use only known search engines in IE with directly entered search engine addresses, give you a way to limit this a lot. You may also find a switch to disable UTF8 functionality, if that is still in IE-- and it must be still in there in combination with a DNS redirect in a search engine or ISP DNS server or DNS redirect service if IE 6 can do this with that input.

    John.
  • Omega65 Philadelphia, Pa
    edited December 2003
    The bug doesn't affect Netscape v7.1 :)
  • Enverex Worcester, UK Icrontian
    edited December 2003
    I clicked their test and was wondering why it didn't work. At that point I realised I was using firebird :)

    Firebird accepts %whatever for things as I use it in my site, but this exploit doesn't work.

    NS
  • LawnMM Colorado
    edited December 2003
    Omega65 had this to say
    The bug doesn't affect Netscape v7.1 :)

    Sure doesn't.