IE Domain Confusion Vulnerability

2000-05-12T00:00:00
ID SECURITYVULNS:DOC:184
Type securityvulns
Reporter Securityvulns
Modified 2000-05-12T00:00:00

Description

IE can be fooled into thinking a web page is in any domain by encoding some characters in the URL and placing the domain you want to spoof at the end of the URL. For example the URL

http://www.peacefire.org%2fsecurity%2fiecookies%2fshowcookie.html%3F.amazon.com

is in the pecefire.org domain but because "/" and "?" are replaced by "%2f" and "%3f" IE will think the URL is in the amazon.com domain.

You can find more information at http://www.peacefire.org/security/iecookies/ Although the web page only mentions cookies it may be possible to exploit the problem in other ways as the security setting for domains may be different. For example the users may allow the execution of unsigned ActiveX controls from its company domain.

-- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum