Before loading the page in IE, browse Windows XP’s “Downloaded Program Files” folder located in Windows. Double-click the HTML file just created and the EXE file will be executed on your system.
Check the folder mentioned above again and you will find that an unknown entry has been added. This refers to the page you have created. Since the code is self-contained in the HTML file, on any unpatched or older version, or with lower security settings, the EXE file will be automatically dropped by Internet Explorer and run.
Crashing IE6 with code line
Create an HTML file by typing in input type size="20". Open the file, and IE will close saying “Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.” This happens because IE is unable to handle the malformed input tag, which neither specifies a type nor closes.
Crash IE6 using CSS
Using “<STYLE>@;/*” in an HTML file crashes IE.
Changing the URL
The address bar can be set to display a different URL than the page being
displayed. This works quite like opening a window with the convention user%01@domain.com.
This opens <domain.com> while the ending with %01 is not
displayed. Create an HTML file with the following body tag to see how this works:
<body onload="window.open(unescape('http://www.FAKE.com%01@news.yahoo.com'));"></body>
Loading this results in <news.yahoo.com> being opened while the address
bar shows FAKE.com.
Using Notepad for popup
The link construct given below can be used to open a file using Notepad:
<view-source:{site or file name w/o braces}>
This file can exist either at the server, containing, say, an ad
message, or at the client side, such as a well-known system file whose
location can be guessed.
The code below will try to launch win.ini on the client
machine:
<a href=view-source:file:///c:\windows\win.ini>Open INI file</a>
To cause a file or link to open automatically, the trick
can be applied to an image source as well. This will make sure that the Notepad
popup appears every time the page is loaded without requiring user intervention:
<img src=view-source:http://www.google.com>
The good thing about this feature is that it works even
when scripting is turned off, and most popup blocker utilities do not block
them.
Naïve users can be tricked into changing critical system
files or a large number of files can be opened to hog up resources by this
code.
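The two tricks above (the user%01@domain address-bar spoof and the view-source: popup) both leave recognisable URLs in the page source, so a proxy or mail filter can flag them. The following is an added example, not code from the original article; the function names and the sample page are constructed for illustration, and it reports the host the browser would actually contact:

```python
import re
from urllib.parse import urlsplit, unquote

# Raw control bytes, as they appear once percent-encoding (e.g. %01) is decoded.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Any absolute URL in markup or inline script, with an optional view-source: prefix.
URL_RE = re.compile(r"(?:view-source:)?[a-z][a-z0-9+.-]*://[^\s'\"<>)]+", re.I)

# Constructed sample page built from the snippets quoted in this article.
SAMPLE_HTML = r"""
<body onload="window.open(unescape('http://www.FAKE.com%01@news.yahoo.com'));">
<a href=view-source:file:///c:\windows\win.ini>Open INI file</a>
<img src=view-source:http://www.google.com>
<a href="http://news.yahoo.com/">ordinary link</a>
</body>
"""

def audit_url(url):
    """Return (host the browser connects to, list of findings) for one URL."""
    findings = []
    if url.lower().startswith("view-source:"):
        findings.append("view-source scheme")
        url = url[len("view-source:"):]
    parts = urlsplit(url)
    if parts.scheme == "file":
        findings.append("local file reference")
    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo = parts.netloc.rpartition("@")[0]
    if userinfo:
        findings.append("userinfo before @")
        if CONTROL_CHARS.search(unquote(userinfo)):
            findings.append("control character in userinfo")
    return parts.hostname, findings

def audit_page(html):
    """Map each suspicious URL found in the page to (real host, findings)."""
    report = {}
    for url in URL_RE.findall(html):
        host, findings = audit_url(url)
        if findings:
            report[url] = (host, findings)
    return report

if __name__ == "__main__":
    for url, (host, findings) in audit_page(SAMPLE_HTML).items():
        print(f"{url}\n  real host: {host}\n  findings: {', '.join(findings)}")
```

The ordinary link produces no findings and is left out of the report, so only the three constructed test URLs are listed.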
Adding a site to favourites
Using specially crafted code, a simple click operation can be turned
into a drag-n-drop operation which automatically adds a particular URL (of the
hacker’s choice) to the client’s favourite list.
This operation is transparent and the victim might not
suspect that merely clicking a link would alter the IE favourite list. There are
many others, like automatically dropping files in startup folders and adding spy
components.
If you have ever used Ad-aware or Spy Bot Search & Destroy,
you probably know how many spyware and adware programs are installed on your
system. Most of these come through the web, and of course IE is one of the most
widely used internet browsers. So surf safely!
The writer <arbil@cyber.net.pk> contributes
regularly to Sci-tech World