Crossite scripting in Internet Explorer and Konqueror - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Crossite scripting in Internet Explorer and Konqueror
updated since 04.09.2002
Published: 07.09.2002
Source: BUGTRAQ
SecurityVulns ID: 2264
Type: client
Level: 6/10
Description: It's possible to spoof domain by using %sF in URL's username: http://secretcookie.com%2F@hacker.com/

Affected: MICROSOFT : Internet Explorer 6.0
KONQUEROR : Konqueror 3.0

Original document Piotr Pawłow, MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable (07.09.2002)

Liu Die Yu, MSIEv6 % encoding causes a problem again (04.09.2002)

Discuss: Read or add your comments to this news (0 comments)