Re: Re: Internet Explorer URL parsing vulnerabi lity

[Dave Sherohman <esper () sherohman org>]

On Thu, Dec 11, 2003 at 10:36:41AM -0800, Jim Race wrote:
> Check that. With Moz 1.5:
>
> Opening in a new *TAB* takes one to MS. Clicking the link takes one to 
> /. with "http://www.microsoft.com%01 () slashdot org/" in the address bar.
>
> That's odd.

Not all that odd.  Take a look at the source for that link:

<a href="http://www.microsoft.com"; onclick="location.href=unescape('http://www.microsoft.com%01 () slashdot 
org/');return false;">

The link actually _is_ to microsoft initially, but the onclick
handler changes it to microsoft%01@slashdot.  If you hit it without
triggering the onclick handler (say, by middle-clicking to open it in
a new tab), then going to microsoft is to be expected.

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html