IE Domain Confusion Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2000-05-12T00:00:00


IE can be fooled into thinking a web page is in any domain by encoding some characters in the URL and placing the domain you want to spoof at the end of the URL. For example the URL

is in the domain but because "/" and "?" are replaced by "%2f" and "%3f" IE will think the URL is in the domain.

You can find more information at Although the web page only mentions cookies it may be possible to exploit the problem in other ways as the security setting for domains may be different. For example the users may allow the execution of unsigned ActiveX controls from its company domain.

-- Elias Levy Si vis pacem, para bellum