Internet Explorer URL Spoofing Vulnerability
trang này đã được đọc lần
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
A vulnerability has been identified in Internet
Explorer, which can be exploited by malicious people to display a fake URL in
the address and status bars.
The vulnerability is caused due to an input validation error, which can be
exploited by including the "%01" and "%00" URL encoded representations after
the username and right before the "@" character in an URL.
Successful exploitation allows a malicious person to display an arbitrary FQDN
(Fully Qualified Domain Name) in the address and status bars, which is
different from the actual location of the page.
This can be exploited to trick users into divulging sensitive information or
download and execute malware on their systems, because they trust the faked
domain in the two bars.
Example displaying only "http://www.trusted_site.com" in the two bars when the
real domain is "malicious_site.com":
http://www.trusted_site.com%01%00@malicious_site.com/malicious.html
A test is available at:
http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
The vulnerability has been confirmed in version 6.0, and version 5.x is also
affected according to Microsoft's knowledge base article.
Solution:
Filter malicious characters and character sequences in a proxy server or
firewall with URL filtering capabilities.
Don't follow links from untrusted sources.
See Microsoft knowledge base article for other workarounds and ways to
identify a spoofed website.
Reported by / credits:
Originally discovered by:
Zap The Dingbat
Status bar variant reported by:
Chris Hall
Changelog:
2003-12-11: Linked to test. Added information
regarding variant, which makes it possible to spoof URL in the status bar as
well.
2003-12-14: Microsoft has issued a knowledge base article concerning the
issue. This also reports that version 5.x is affected.
Other References:
Microsoft Knowledge Base Article - 833786:
http://support.microsoft.com/?id=833786