Exploit on Micro$oft Explorer
Results 1 to 10 of 10

Thread: Exploit on Micro$oft Explorer

  1. #1

    Exploit on Micro$oft Explorer

    ive read some exploits from other site and just wanted to share this on read exploits here this will give a fake url to the user!!! you can get some private information if they put their PIN or crdit card no... so wat can you say about Micro$oft,,, ,

  2. #2
    i found this exploits from other BBS forum n a local friend of the administrator der redice posted this one, ive tried to change the script and put it online & the exploit does work..the exploits goes like this the user can see that the URL address is the one that he/she wanted to visit, but what they dont see is that the real url add is hidden in the script, and if they type some information and press enter the information will be directed to the attackers, and the user will be directed to the real site.. this is just my explanation... and base from what ive read ..

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Yup, came out just before Christmas last year.
    I saw it detected on the 24/12/2003.

    AV scanners do pick this up if you receive a malformed HTML email using OE.

    McAfees description: http://us.mcafee.com/virusInfo/defau...virus_k=100927

    If you want to run IE/OE it just shows the importance of having an AV scanner active at all times.

    I had expected Microsoft to patch this, but I presume they were unable to do so

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534

    url exploit

    Ow, you mean this exploit

    <edit type="addition">

    based down comes to this

    it sends username www.microsoft.com[alt255]%00 to the server of www.antionline.com

    Code:
    http://www.microsoft.com%00@www.antionline.com
    
    FAKE URL  --- ^                        ^---  REAL URL
    </edit>

    there have been multiple post about it . . .
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    Member
    Join Date
    May 2002
    Posts
    68
    Everyone seems to keep making the mistake that this is an IE exploit, even security article writers. It's not a only a MS issue, the above syntax works on other browsers including some ver. of Mozilla.
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    uhm.. no..
    I've not seen it work on Opera, Mozilla, Konqueror etc..
    only IE !!
    the only possible mozilla version I could imagine this working on would have to be one of the first test versions (using standard MFC crapp.)


    This exploit was found before christmass and there there is still no fix !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    It doesn't really work on mozilla. On mozilla it will take you to the false page, but when you hover over the link, it shows an extra symbol at the end of the address, and using your example above,
    will come out on the address bar.

    ac

  8. #8
    Junior Member
    Join Date
    Jan 2004
    Posts
    10
    interesting exploit, but for some reason when i type [Alt+255] on my pc, i get an _ (underscore).. why would that be??

  9. #9
    Junior Member
    Join Date
    Sep 2002
    Posts
    13
    It all depends on your charset if in the html code you don't specify ISO-XXXX your browser uses the default

  10. #10
    gothic_type yup!! what you just quote is right

    " http://www.microsoft.com%00@www.antionline.com " using the unreadable character (%01)@then the website .. they used that exploit to trick me, i guess the microsoft knows this but i haven't heard if they release a patch to fix it..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •