Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities

From: Jonathan Smith <smithj_at_nospam>
Date: Mon Aug 06 2007 - 22:37:05 GMT
To: Robert Swiecki <jagger@swiecki.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert Swiecki wrote:
> The second one is based on the http URI scheme which allows embedding
> user/password parameters into it, i.e. http://user:password@domain.com.
> Such parameters can contain whitespaces, so the attack vector is quite
> obvious.
>
> http://alt.swiecki.net/konq3.html
>
> Tested with Konqueror 3.5.7 on Linux 2.6

This does interesting things to firefox as well. Specifically, it hangs seemingly indefinably (with no cpu utilization). Tested with firefox-2.0.0.6 on Foresight Linux (firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.6-1-1).

smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGt6KR0e1Yawpq2XMRAptmAJ9YTUDtNKUctdrfPDLGn6sWug/ivwCeIYvE IpsCSHCIHi6dyzWPebwp/wU=
=bLFr
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Jonathan Smith: "Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities"
Previous message: Robert Swiecki: "[Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities"
In reply to: Robert Swiecki: "[Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities"
Next in thread: Jonathan Smith: "Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities"
Reply: Jonathan Smith: "Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]