New IE Bug Hides Real Site Address - Are you vulnerable?
Read about this one.. it's actually pretty nasty!
It allows people to fake what displays up in the location bar, while the browser points somewhere else...
TEST here
Read the advisories here
I wonder how long it'll take for people to start using https://secure-russian-billing.com :/ |
Check the test link above. It links offsite, but the browser even thinks it's going to the spoofed site - and only shows that in the status bar.
This is more than slightly nasty! |
I'm safe...
Using Opera. |
What part of " I.E. " in the thread title didn't you get battuss ?
|
Shit!
Now how can I make money from this? |
Quote:
Stop fucking stalking me...you're like shit under my shoe that just won't go. Fucking freak. |
holy fuck... :helpme
|
Quote:
spam those fake paypal emails, and the address will look real :Graucho |
Good one.
|
How long will it take someone to blame Smokey The Bear for this? :1orglaugh
|
Netscape 7.1 is also vulnerable to this.
|
shit, there don't seem to be any work-arounds yet either, although right-click/properties on the link shows the offending character.
i'm guessing the phishers are doing overtime on their fake sites at the moment. |
It doesn't work with sites that redirect / break out of frames.. like cnn.com
Nice find though |
Quote:
Test: <a href="http://www.adult.com%[email protected]/">Adult.com</a> :winkwink: |
Quote:
I just hit their test link and my NS 7.1 didn't get exploited... in-ter-esting... only sounds worthwhile to <><'ers & carders... |
haha thats cool :thumbsup
now u've made me extra paranoid |
So how does it look under IE? I still see the site, but the full URL is shown in the address bar (fakeurl + garbage characters + @real url etc)...
In the status bar I see the fake url + a garbage character. Does this all look clean and unassuming under IE? Everything after (and including) the garbage character hidden? If so, nice. |
looks like a lot of people are going to get scammed this christmas :(
|
Quote:
looks coche all the way, even when you move your mouse over the link :/ |
haha my first thought was also sending someone at goatse.cx
|
It looks like all it does is use a line break to separate the URL.
microsoft.com%[email protected]/internet_explorer_address_bar_spoofing_test/
The URL is basically on 2 lines. This does not just affect IE. |
Just check your personal 'ignore list', after a redirect with my IE got some new entries there :(
|
Sure enough my IE failed the test, with netscape it added a bunch of extra characters to the url.
It's shit like this that makes me glad netscape is my default browser. |
wow. that's the scariest thing i've seen in a while. even i might have fallen for it in an email scam or something had they caught me at a bad time.
well once again ie has proven to be the new pioneer into gaping security holes. i'm surprised this one wasn't found sooner. smokey must have been wasting too much time lurking on gfy ;) |
wow this is fun to freak out your friends and family. you can tell them you are a l33t haxx0r and you took over yahoo.com
<a href="http://www.yahoo.com%[email protected]/">Yahoo</a> |
I notice that google's toolbar shows the PR for the fake URL, rather than the actual site it's loading. I guess this will happen with most plugins coded in C, since it will see the %00 as a string terminator.
|
I typically do a view source to verify any link that wants me to enter personal info. Guess my paranoia is finally paying off :uhoh
|
Quote:
Alex bought adult.com :glugglug isn't it crazy that after all these years nobody had noticed this bug? |
this exploit has been around for many many years and is not going anywhere, it's for hahahahahading usernames and passwords into URLS.
|
Quote:
But why the hell did someone post this |
Very interesting
<a href="http://www.flowersandsunshine.com%[email protected]/">flowersandsunshine.com</a> |
Cos I thought it was interesting and pertinent to us.
re: being around for years.. i think you're confusing it with: www.microsoft.com/legitimate/url.html@obfuscated which of course sends the first part as the username and is ignored. This one is similar, except the real url is totally hidden, in the link, the status bar and the url bar. same idea, a little bit trickier. |
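Added example, not part of any post in this thread: a link checker for the behaviour the posts above describe, where everything before `@` is parsed as a username and an encoded control character such as `%01` or `%00` is where a display or a C-string consumer stops reading. The sample HTML and hosts are constructed (reserved example names and addresses), and `inspect_url` and `scan_html` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote_to_bytes

CONTROL = re.compile(rb"[\x00-\x1f\x7f]")  # NUL, other C0 controls, DEL

def inspect_url(url):
    """Report the host a URL really targets and any userinfo tricks in it."""
    parts = urlsplit(url)
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    flags, shown = [], None
    if at:
        flags.append("userinfo-present")
        raw = unquote_to_bytes(userinfo)  # "%01" -> b"\x01"
        hit = CONTROL.search(raw)
        if hit:
            flags.append("control-char-in-userinfo")
            # Text before the first control byte: where a display or a
            # NUL-terminated string consumer may stop reading.
            shown = raw[:hit.start()].decode("latin-1")
    return {"url": url, "real_host": parts.hostname,
            "shown_as": shown, "flags": flags}

class LinkScanner(HTMLParser):
    """Collect a finding for every <a href> whose URL carries userinfo."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            result = inspect_url(href)
            if result["flags"]:
                self.findings.append(result)

def scan_html(html):
    scanner = LinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample message body; not taken from the thread.
SAMPLE = """
<a href="http://www.bank.example%01@198.51.100.7/login">www.bank.example</a>
<a href="http://www.bank.example%00@other.example/">www.bank.example</a>
<a href="http://www.bank.example/help">help</a>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE):
        print(f["flags"], "real host:", f["real_host"], "shown as:", f["shown_as"])
```

A mail or proxy filter can treat `control-char-in-userinfo` as a block condition and `userinfo-present` alone as a warning, since plain `user@host` links do have legitimate uses.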
Quote:
9/11 smokeys fault. teen pregnancy smokeys fault. |
Quote:
http://www.epassport.com Go there and login. |
Fuck!
I just noticed this fools google PR too. damn, this goes deeper than i thought... it REALLY looks legit now. |
wee i just won a tshirt for this :D
|
I got hit with it 6 to 8 months ago.
My address bar would say msn.com, but the search page included links to porn and casinos. That seemed kind of odd. |
The possibilities with blind clicks are endless...
|