Bugtraq mailing list archives

Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities

From: Jonathan Smith <smithj () rpath com>
Date: Mon, 06 Aug 2007 19:33:43 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan Smith wrote:

Robert Swiecki wrote:
 > The second one is based on the http URI scheme which allows embedding

user/password parameters into it, i.e. http://user:password () domain com.
Such parameters can contain whitespaces, so the attack vector is quite
obvious.

http://alt.swiecki.net/konq3.html


This does interesting things to firefox as well. Specifically, it hangs
seemingly indefinably (with no cpu utilization). Tested with firefox-2.0.0.6 on
Foresight Linux (firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.6-1-1).


er, spoke too soon. It actually just presents a dialog box that doesn't let you
choose an option (to continue logging in or not). What I was seeing was firefox
not letting me do anything until I chose one of the non-existent options.
Killing the dialog box makes the firefox session resume normally. Apparently
this dialog-issue was fixed in trunk (for 3.x) but not in 2.x.

Thanks to Adam Guthrie from Mozilla for helping figure that one out.

        smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGt6/X0e1Yawpq2XMRAghuAKC7QJIkAoJmueJOU1u6DOzFCJOf9ACgyhrk
A77j6xRZJwyhh99rreUnOLo=
=aBJN
-----END PGP SIGNATURE-----

Current thread:

Konqueror: URL address bar spoofing vulnerabilities Robert Swiecki (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities paraw (Aug 07)
  - Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities Robert Swiecki (Aug 07)
    - Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities Patrick Nagel (Aug 07)
- Re: Konqueror: URL address bar spoofing vulnerabilities Jonathan Smith (Aug 07)
  - Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities Jonathan Smith (Aug 07)