Heh, this vulnerability is kinda fun.

Security, malware, viri--you've got to keep your eyes open
Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 02/24/04, 12:17 pm

<a href="http://www.microsoft.com%00@shellcity.net">http://www.microsoft.com</a>

http://www.microsoft.com%00@shellcity.net

Ya need a version of IE6 without the latest service pack though.
I answer rhetorical questions for my own enjoyment.

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 02/24/04, 3:42 pm

What's it supposed to do?

Melkor
Senior Member I Get Free Beer
Posts: 314
Joined: 12/04/01, 12:00 am
Location: Wherever i am going.

Post by Melkor » 02/24/04, 4:50 pm

It hides everything after and including the %00.

Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 02/25/04, 12:17 pm

Well, if you have one of the vulnerable browsers, putting your mouse over the link will show http://www.microsoft.com in your status bar (keeping in mind there is no JavaScript), and then when you click on the link it will send you to shellcity.net but it will say http://www.microsoft.com in the URL bar. Very sweet.

This could be bad though cause somebody could fake a site like Microsoft.com and then distribute viruses and pretend that they are service packs. :-)
I answer rhetorical questions for my own enjoyment.
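
Added example, not part of any post in this thread: a Python link check a mail or proxy filter could run against the kind of link described above. It flags `http(s)` links with a userinfo part before the `@`, an encoded control byte such as `%00` inside it, or visible text naming a different host than the real target. The names `audit_link`, `LinkAuditor` and `audit_html` are hypothetical, and the second sample link is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Percent-encoded control bytes (%00-%1F, %7F), and link text that reads like a host or URL.
ENCODED_CTRL = re.compile(r"%(?:[01][0-9a-f]|7f)", re.I)
SHOWN_HOST = re.compile(r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[/:?#\s]|$)", re.I)

def audit_link(href, text=""):
    """Return findings for one link (hypothetical helper); empty list = nothing flagged."""
    try:
        parts = urlsplit(href)
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ["unparseable URL"]
    if parts.scheme not in ("http", "https"):
        return []
    findings = []
    host = (parts.hostname or "").lower()
    userinfo = parts.netloc.rpartition("@")[0]  # everything before the last '@'
    if userinfo:
        findings.append(f"userinfo before '@'; real host is {host}")
        if ENCODED_CTRL.search(userinfo):
            findings.append("encoded control byte in userinfo")
    shown = SHOWN_HOST.match(text)  # only compare when the text itself looks like a host
    if shown and shown.group(1).lower() != host:
        findings.append(f"text shows {shown.group(1).lower()}, link goes to {host}")
    return findings

class LinkAuditor(HTMLParser):  # collects (href, visible text, findings) per <a href>
    def __init__(self):
        super().__init__()
        self.results, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text)
            self.results.append((self._href, text, audit_link(self._href, text)))
            self._href = None

def audit_html(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.results
# First link is the one posted in the thread; the second is a constructed benign link.
SAMPLE = ('<a href="http://www.microsoft.com%00@shellcity.net">http://www.microsoft.com</a>'
          '<a href="https://example.com/docs">example.com</a>')
```

Running `audit_html(SAMPLE)` reports all three findings for the thread's link and none for the benign one.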

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 02/25/04, 12:53 pm

Gerry, that's a pretty old trick. For a short while we were using that kind of link at Dr for headlines even (kind of unreliable), something like
http://new+browser+available+at+shell+c ... llcity.net
WYSIWTF

Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 02/26/04, 6:17 am

Are you sure we are talking about the same thing Bob?

Here is where I found the vulnerability:
http://secunia.com/advisories/10395/

It says it was the most read headline in the last 24 hours on the site so I'm not sure how it could be old news.
I answer rhetorical questions for my own enjoyment.
