While on the topic of URI parsing, were you all aware of this behavior?
http://www.lookout.net/2011/06/20/some-browsers-convert-pipe-to-colon-in-the
-file-scheme/
I know someone testing Webkit was as it's in their list of test cases. But
I did not realize that some browsers, MSIE and Chrome, will literally
convert the "|" to a ":" in the drive letter of the path component.
I can see this being a problem for security filters, but can't think of
anything specific.
-Chris
While on the topic of URI parsing, were you all aware of this behavior?
http://www.lookout.net/2011/06/20/some-browsers-convert-pipe-to-colon-in-the
-file-scheme/
I know someone testing Webkit was as it's in their list of test cases. But
I did not realize that some browsers, MSIE and Chrome, will literally
convert the "|" to a ":" in the drive letter of the path component.
I can see this being a problem for security filters, but can't think of
anything specific.
Interesting. Here's another odd behavior that I couldn't convert to a
abuse case, but may be useful to someone.
http://www.cgisecurity.com/2010/03/random-firefox-url-handling.html
Regards,
-Chris
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Am 21.06.2011 20:45, schrieb Chris Weber:
While on the topic of URI parsing, were you all aware of this behavior?
http://www.lookout.net/2011/06/20/some-browsers-convert-pipe-to-colon-in-the
-file-scheme/
I know someone testing Webkit was as it's in their list of test cases. But
I did not realize that some browsers, MSIE and Chrome, will literally
convert the "|" to a ":" in the drive letter of the path component.
I can see this being a problem for security filters, but can't think of
anything specific.
what about ADS - alternate data stream?
http://some.tld/file|wget.exe
feel free to complete the exploit ;-)