myhack58 | Anonymous | MYHACK58:62200716611
Aug 21, 2007 - 12:00 a.m.

A Variety of URL Deceptions of the Century - Vulnerability and Early Warning - Black Bar Safety Net


This article was published in issue 9 of Hacker X-Files magazine and first posted on Evil Octal. Please credit the source when reprinting.
Author's blog: http://www.ciker.org/

The article "When planting web Trojans, don't forget the phpwind forum" in issue 7 of X-Files mentioned a URL spoofing method that caught my interest. I tried it myself and found that the code the author provided has a problem.

The complete code the author provided is:
<p><a id ="exploit" href="http://[web Trojan address]"></a></p>
<div>
<a herf ="http://www.163.com/" target="_blank">
<table>
<caption>
<a herf ="http://www.163.com" target="_blank">
<lable for ="virus">
<u styke = "cursor:pointer:color:black">
www.163.com
</u>
</lable>
</a>
</caption>
</lable>
</a>
</div>
From the line <a herf ="http://www.163.com/" target="_blank"> alone you can see that this code is wrong, because the link attribute should be href. The author was careless and made a mistake here, which can easily mislead readers, so I want to remind the author to pay attention when writing in future.

We just need to replace herf with href in the code. After saving the code and visiting the page to test it, I found that it did not behave as the author said: "On the surface the link points to www.163.com, but in fact the real link is our web Trojan address."

After opening the page, www.163.com is displayed. When we hover the mouse over it, the status bar displays http://www.163.com/, and after clicking, what opens is still www.163.com.
The following code is what I found on EST:

<p><a id="SPOOF" href="http://localhost/"></a></p>
<div>
<a href="http://www.163.com" target="_blank">
<table>
<caption>
<label for="SPOOF">
<u style="cursor: pointer; color: blue">
www.163.com
</u>
</label>
</caption>
</table>
</a>
</div>

Comparing the two, you will find that the first code has one more line than the code above:
<a herf ="http://www.163.com" target="_blank">
It is precisely this one line that makes the code wrong and causes the deception to fail.

Now that we know where the mistake is, here is an example that demonstrates the URL spoofing. Save the code above under any file name, as long as the extension is .htm, then open the file. You will see www.163.com; when we move the mouse over it, the status bar displays http://www.163.com/ (Figure 1).

What finally opens, however, is http://localhost/ (Figure 2).

In practical use, http://localhost/ can be replaced with your own web Trojan address.
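A defender-side check for the markup shown above, as an added example that is not part of the original article: it flags a label nested in one link but bound through its for attribute to the id of a different link. The names `findLabelHijacks` and `attr` are assumptions, and the scan assumes reasonably well-formed tags read with a regular expression rather than a DOM parser.

```javascript
// Added example, not from the original article. Constructed sample input:
// the working spoof markup from above, with straight quotes.
const SAMPLE = `
<p><a id="SPOOF" href="http://localhost/"></a></p>
<div><a href="http://www.163.com" target="_blank">
<table><caption><label for="SPOOF">
<u style="cursor: pointer; color: blue">www.163.com</u>
</label></caption></table></a></div>`;

// Read one attribute value (quoted or bare) out of a tag's attribute text.
function attr(attrs, name) {
  const re = new RegExp("(?:^|\\s)" + name + "\\s*=\\s*[\"']?([^\"'\\s>]+)", "i");
  const m = re.exec(attrs);
  return m ? m[1] : null;
}

// Return every label that sits inside link A but is bound by `for` to link B.
function findLabelHijacks(html) {
  const hrefById = new Map(); // id -> href of each <a id=... href=...>
  const labels = [];          // labels seen while a link was open
  const openLinks = [];       // href stack of currently open <a> elements
  const tagRe = /<(\/?)([a-z][a-z0-9]*)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const closing = m[1] === "/";
    const tag = m[2].toLowerCase();
    if (tag === "a" && closing) {
      openLinks.pop();
    } else if (tag === "a") {
      const href = attr(m[3], "href");
      const id = attr(m[3], "id");
      if (id && href) hrefById.set(id, href);
      openLinks.push(href);
    } else if (tag === "label" && !closing && openLinks.length > 0) {
      const shownHref = openLinks[openLinks.length - 1];
      const labelFor = attr(m[3], "for");
      if (shownHref && labelFor) labels.push({ shownHref, labelFor });
    }
  }
  // Resolve after the whole document is read: the target may appear later.
  return labels
    .filter((l) => hrefById.has(l.labelFor) && hrefById.get(l.labelFor) !== l.shownHref)
    .map((l) => ({ ...l, actualHref: hrefById.get(l.labelFor) }));
}

console.log(findLabelHijacks(SAMPLE));
```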

Since we are on the subject of URL spoofing, here I will introduce several other URL spoofing methods.
First, let's take a look at the structure and composition of a URL.

Most Internet users equate URLs with WWW or FTP addresses, but Uniform Resource Locators (URLs) are more general than that. URLs are specified in RFC 1738, where the most common form is defined as:
<scheme>:<scheme-specific-part>
The <scheme> part is the protocol name, and the <scheme-specific-part> is defined as:
//<user>:<password>@<host>:<port>/<url-path>
Only the <host> part is required. The ":" and "@" characters have special meaning, so that the server can parse the complete string. If a user name and password are included in the URL, the <host> part begins only after the "@" character.

Look at an example of the deception: http://www.163.com@www.hackerxfiles.net
Here the real host is "www.hackerxfiles.net". "www.163.com" in this URL is just a fake user name, which the server will ignore. The page finally opened is www.hackerxfiles.net. Because the front part of the address is www.163.com, a site everyone knows and tends to trust, this has a good deceptive effect.

One thing needs to be noted, however: if http://www.163.com@www.hackerxfiles.net is used in the latest IE 6.0, a syntax error is reported. But if the other party uses a third-party browser, such as Maxthon, Tencent TT or GreenBrowser, the deception still works. It also works in versions below IE 6.0.

The URL above hides its real destination only in a simple way. We can use better methods to hide it. For some reason (possibly internal processing), existing operating systems do not handle IP addresses in our usual format, aaa.bbb.ccc.ddd, but as the corresponding decimal number.

An address such as http://127.0.0.1/ can be rewritten as the decimal value http://2130706433/. Enter http://2130706433/ in the browser and you will find that you have opened the http://127.0.0.1/ home page. In testing, this did not work in IE 6.0, so it is rather limited.

Next, I will introduce dotted-octal and dotted-hexadecimal encryption. EST VIP MET wrote an encryption program for this.

As Figure 3 shows, encrypting the IP 127.0.0.1 with dotted octal gives http://0177.00.00.01/
Enter http://0177.00.00.01/ in the browser and you will see that the 127.0.0.1 page opens, as shown in Figure 4.

Encrypting 127.0.0.1 with dotted hex gives http://0x7F.0x0.0x0.0x1/. Opening http://0x7F.0x0.0x0.0x1/ in a browser gives the same result, so it is not demonstrated here.

This software also provides URL encryption (Figure 5).

The URL to be encrypted can be an IP or a domain name. Here I demonstrate with www.hackerxfiles.net. Clicking encrypt gives
http://%77%77%77%2E%68%61%63%6B%65 … C%65%73%2E%6E%65%74/
Entering http://%77%77%77%2E%68%61%63%6B%65 … C%65%73%2E%6E%65%74/ in the browser opens the Hacker X-Files home page (Figure 6).
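The tricks described in the sections above (the user@host form, decimal, dotted-octal and dotted-hex IPs, and percent-encoded hosts) can be caught by comparing the host as written with the host a WHATWG URL parser resolves; the following is an added example, not part of the original article. The function name `analyzeUrl` and the finding labels are assumptions, and the percent-encoded sample (example.com) is constructed because the article's own encoded string is truncated.

```javascript
// Added example, not from the original article: report where the host a
// reader sees in a raw URL differs from the host the parser resolves.
function analyzeUrl(raw) {
  const findings = [];
  const url = new URL(raw); // WHATWG parser; throws on unparsable input

  // Raw authority: everything between "//" and the next "/", "?" or "#".
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(raw);
  const authority = m ? m[1] : "";

  // RFC 1738 form //<user>:<password>@<host>: text before "@" is not the host.
  const at = authority.lastIndexOf("@");
  if (at !== -1) findings.push("userinfo");

  // Host exactly as typed: drop userinfo and a trailing :port.
  const rawHost = authority.slice(at + 1).replace(/:\d*$/, "").toLowerCase();

  // %XX escapes in the host are decoded by the parser before resolution.
  if (/%[0-9a-f]{2}/i.test(rawHost)) findings.push("percent-encoded-host");

  // The parser serializes any IPv4 host as canonical dotted decimal, so a
  // mismatch means the address was written as decimal, octal or hex.
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname);
  if (isIPv4 && rawHost !== url.hostname) findings.push("non-canonical-ipv4");

  return { displayed: authority, realHost: url.hostname, findings };
}

// URLs taken from the article, plus one constructed percent-encoded host.
const SAMPLES = [
  "http://www.163.com@www.hackerxfiles.net/",
  "http://2130706433/",
  "http://0177.00.00.01/",
  "http://0x7F.0x0.0x0.0x1/",
  "http://127.0.0.1/",
  "http://%65%78%61%6D%70%6C%65%2E%63%6F%6D/", // constructed: example.com
];
for (const u of SAMPLES) console.log(u, JSON.stringify(analyzeUrl(u)));
```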

Of course, there are other ways of URL deception; this article describes only a few common ones. If you have a better trick, you are welcome to come to the X forum and discuss it with me.