[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] [Wooyun] Safari for windows PhishingAlert bypass vuln
From: "Wooyun.org" <help.en () wooyun ! org>
Date: 2013-12-26 15:00:28
Message-ID: CAPQ_=KWFcJTuLmP-w9Eg3kxutJfk-buVHVAiv1542rgVfA16gA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/related)]
[Attachment #4 (multipart/alternative)]
*Abstract:*
The PhishingAlert of Safari stops functioning in Windows systems if an
abnormal URL is being used.
*Details:*
There is a defense mechanism in Safari which recognizes URL deceits such as
http://www.baidu.com@evil.com. The phishing alert will be activated once
the HTTP URL that we want to access contains userinfo information.
(as the picture below shows)
[image: ÄÚǶͼƬ 1]
> http://apple.com@xsser.me/
*Proofs of concept:*
We discovered in our researches that if one or two ¡°/¡± are being added
before the host name, then the PhishingAlert could be bypassed. (Password
of userinfo must be available)
[image: ÄÚǶͼƬ 2]
http://apple.com:£¯@/xsser.me/
*From:*http://en.wooyun.org/bugs/wooyun-2013-014
--
WooYun, an Open and Free Vulnerability Reporting Platform
For more information, please visit *http://en.wooyun.org/about.php
<http://en.wooyun.org/about.php?>*
[Attachment #7 (text/html)]
<div dir="ltr"><b>Abstract:</b><div>The PhishingAlert of Safari stops functioning in Windows \
systems if an abnormal URL is being \
used.</div><div><br></div><div><b>Details:</b></div><div>There is a defense mechanism in Safari \
which recognizes URL deceits such as <a \
href="http://www.baidu.com@evil.com">http://www.baidu.com@evil.com</a>. The phishing alert will \
be activated once the HTTP URL that we want to access contains userinfo information.</div> \
<div><br></div><div>(as the picture below shows)</div><div><img src="cid:ii_1432f696641aabcd" \
alt="ÄÚǶͼƬ 1"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<a href="http://apple.com@xsser.me/">http://apple.com@xsser.me/</a></blockquote><div><br \
clear="all"><div><br></div><div><b>Proofs of concept:</b><br></div><div>We discovered in our \
researches that if one or two “/” are being added before the host name, then the \
PhishingAlert could be bypassed. (Password of userinfo must be available)<br> </div><div><img \
src="cid:ii_1432f6b201b6c709" alt="ÄÚǶͼƬ 2"><br></div><div>http://apple.com:£¯@/<a \
href="http://xsser.me/">xsser.me/</a><br></div><div><br></div><div><b>From:</b><a \
href="http://en.wooyun.org/bugs/wooyun-2013-014">http://en.wooyun.org/bugs/wooyun-2013-014<br> \
</a>-- </div><div dir="ltr"><p style="font-size:13px;line-height:17.05pt"><span \
lang="EN-US" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(68,68,68)">WooYun, \
an Open and Free Vulnerability Reporting Platform</span></p> <p \
style="font-size:13px;line-height:17.05pt"><span lang="EN-US" \
style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(68,68,68)">For more information, \
please visit </span><u><span lang="EN-US" \
style="font-size:12pt;font-family:Calibri,sans-serif;color:blue"><a \
href="http://en.wooyun.org/about.php?" style="color:rgb(17,85,204)" \
target="_blank">http://en.wooyun.org/about.php</a></span></u></p> </div>
</div></div>
--047d7bdc9d64fb23fa04ee713ca1--
["071359270cc98e79b4907c409db0e2265a6f650e.jpg" (image/jpeg)]
["071329308c35b2a5f2c222cb36f2cf391f24fc93.jpg" (image/jpeg)]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic