header-logo
Suggest Exploit
vendor:
Multiple Browsers
by:
SecurityFocus
3.3
CVSS
MEDIUM
URI Obfuscation Weakness
20
CWE
Product Name: Multiple Browsers
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple Browsers URI Obfuscation Weakness

A weakness has been reported in multiple browsers that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI designed to pass access a specific location with a supplied username, contains a hexadecimal 1 value prior to the @ symbol. An attacker could exploit this issue by supplying a malicious URI pointing to a page designed to mimic that of a trusted site, and tricking a victim who follows a link into believing they are actually at the trusted location.

Mitigation:

Ensure that all URIs are properly validated before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9182/info
 
A weakness has been reported in multiple browsers that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI designed to pass access a specific location with a supplied username, contains a hexadecimal 1 value prior to the @ symbol.
 
An attacker could exploit this issue by supplying a malicious URI pointing to a page designed to mimic that of a trusted site, and tricking a victim who follows a link into believing they are actually at the trusted location.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23423.zip

Navigation

Suggest Exploit

Services By CQR