Hack rampage the era of the URL address will lie-vulnerability warning-the black bar safety net

ID MYHACK58:6220068249
Type myhack58
Reporter 佚名
Modified 2006-03-24T00:00:00


My name is URL, i.e.,“Uniform Resource Locators”, which means Uniform Resource Locator. In the address bar URL will belong to me the URL of an expression. Substantially all of the visit website the friends are used to me, so my role is very large. Perhaps many friends don't know that I'm very deceptive. In particular there is a group claiming to be the hacker guy was like let me deceive you, take advantage of you not paying attention, let me take you into the implant a Trojan web page. So today I want to bold self-exposing its short, let you see me, do not be those who hack the use I put you to the deceived.

Lie: URL of the spoof of the usual moves

Using my URL is a lie there are many ways, such as starting with the temptation of name of the web site or the use of easy mix of alphanumeric substitution for Bank phishing, there are loopholes in the“%3 0% 5 0”or the like Unicode encoding and so on. But the use of I lie most conventional of moves than the following two:

1.@ Flag filter user name resolution

Originally@flag is the E-mail address of the user name and host separator, but in my URL, the same applies, but function exactly the same. HTTP Hypertext Transfer Protocol, governs me the URL of the full format is“Http://Name: Password@IP address or host name”, wherein the“IP address or host name”is mandatory.@ The flag with its front of“Name: Password”for“username: password”are optional items. That is, in my URL really play a analytical role of the web site is from the@sign behind the start, this is the deceiving principle.

For example: a QQ friend sent you a say is to have the latest blockbusters for free download of address “Http://www.sohu.com@www.Trojan.com.cn/HuiGeZi_Server.exe”you dare to go up on point? Indeed, at a glance appears to be“www.sohu.com”Sohu station of the link, and actually here.“www.sohu.com”just a written Sohu address in the form of a user name here password is empty, because the back has@flag. While the real link URL is“www.Trojan.com.cn/HuiGeZi_Server.exe”in here, in order to better understand, I coined a Trojan website, under which there is“dove gray”service end, as long as we click it will be planted Trojan. This is sent to the URL address is in fact completely equivalent to“Http:// www.Trojan.com.cn/HuiGeZi_Server.exe”and with the previous username have nothing to do, just confusing could be greatly improved. Even without this user name, but also completely does not affect the browser to the URL parsing. Everyone if not letter, in the address bar just write the last like Is“Http://abcdefg@www.sohu.com”the class of the address and then enter try, or still children into the Sohu Station.

  1. Decimal IP address

Common IP address comprises four bytes, usually represented in the form of“xxx. xxx. xxx. xxx”the x represents a decimal digital, for example,“”in. Because of the sheer number of IP addresses is too abstract, difficult to remember, so use DNS domain name service with. Everyone in the browser address bar enter“Http://www.sohu.com the”and“Http://”the results are exactly the same, are to access the Sohu Station, because 6 1. 1 3 5. 1 3 2. 1 2 is the Sohu domain name www. sohu. com IP address. However, if you try again.“Http://1032291340”while the results will surely make many people surprised, because it still opens the Sohu website!

Why a decimal number“1 0 3 2 2 9 1 3 4 0”is equivalent to an IP address“”? In fact I have already hinted everyone, four-digit dotted-decimal form of the IP address“”on behalf of a group of 3 2-bit binary digital, if combined together and then converted into a decimal number the words, the answer is 1 0 3 2 2 9 1 3 4 to 0. Converting method is very simple, is the number system of the press the right to expand:1 2×2 5 6 0+1 3 2×2 5 6 1+1 3 5×2 5 6 2+6 1×2 5 6 3=1 2+3 3 7 9 2+8 8 4 7 3 6 0+1 0 2 3 4 1 0 1 7 6=1 0 3 2 2 9 1 3 4 0(base is 2 5 6, 2 8 in.

Understand this truth, we then look back at the earlier example of“www.Trojan.com.cn/HuiGeZi_Server.exe”it. If such letters domain name also will reveal a trapped Fox tail, then when it is the corresponding IP address, say“”is converted into a decimal number, the result is 1 0 3 2 2 9 1 3 4 1, combined with the@sign filtering user analysis, 欺骗性就又上了一个台阶--Http://www.sohu.com@1032291341 the. At this time, there will be how many people would suspect that this URL is not Sohu?

Prevention: check the source code of the method against URL spoofing

My URL fool of Kung Fu is still a bit powerful typical of self-aggrandizement, but we still can prevent. In fact, deal with these using my URL to go to the deception to lure people fooled by a malicious Web page, only one of the most simple of tricks can be effective, that is, view the page's source code. Of course, this requires a little web page code reading ability.

Suppose someone sent you a URL address-Http://www........ com and advance, you don't know whether it is a URL trick, then, only in the browser address bar enter the“View-Source:Http://www........ com”and press Enter, the system will invoke Notepad to open this web page source code. The next step is in which to search you can use the“Edit→find”menu is not like the Format or have the<iframe src="ww........htm" name="......" width="0" height="0" frameborder="0">like the dangerous coding. If any of course you want to deny access.