#557 IE exploits filter breaks Amazon search feature

version 3.0
closed-fixed
5
2006-10-04
2005-01-09
No

The address bar spoofing filter in ie-exploits is breaking search on the Amazon website.

To duplicate:
- go to amazon.com
- search for "linux"
- in the result page, click on "Software" in the Refine your search column
- on the new result page, check the link corresponding to "More Result" and you'll see the store-name part containing MALICIOUS-LINK because %01 got replaced.

Discussion

  • Frederic Crozat

    Frederic Crozat - 2005-01-10

    Logged In: YES
    user_id=13361

    Here is a correct regexp to fix the exploit but not touch
    Amazon links

    s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])\@/$1MALICIOUS-LINK\@/ig

     
  • Nobody/Anonymous

    Logged In: NO

    ...or just add the following to your 'user.action' file:

    {-filter{ie-exploits}}
    .amazon.*/exec/obidos/search-handle-url

     
  • Fabian Keil

    Fabian Keil - 2006-10-04

    Logged In: YES
    user_id=875547

    Thanks for the report.

    I added your fix in:
    http://ijbswa.cvs.sourceforge.net/*checkout*/ijbswa/current/default.filter?revision=1.22
    It will be part of the next release.

     
  • Fabian Keil

    Fabian Keil - 2006-10-04
    • assigned_to: nobody --> fabiankeil
    • status: open --> closed-fixed
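
The effect of the `@` anchor in the pattern posted above, as an added example that is not part of the original thread or of Privoxy's code. `ANCHORED` is the posted pattern translated to Python's `re` syntax; `BROAD` is an assumed stand-in for the pre-fix behaviour the report describes, and all sample links are constructed.

```python
import re

# Pattern posted in the thread, in Python syntax: a control byte or %0x escape
# inside an <a ... href ...> tag is rewritten only when '@' follows directly.
ANCHORED = re.compile(r'(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])@', re.I)

# Assumption: stand-in for the pre-fix behaviour in the report (no '@' anchor),
# so any %01 inside a link is rewritten. Not taken from Privoxy's filter file.
BROAD = re.compile(r'(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])', re.I)


def apply_broad(html):
    return BROAD.sub(r'\g<1>MALICIOUS-LINK', html)


def apply_anchored(html):
    return ANCHORED.sub(r'\g<1>MALICIOUS-LINK@', html)


def compare(html):
    """Return (changed_by_broad, changed_by_anchored) for one HTML fragment."""
    return apply_broad(html) != html, apply_anchored(html) != html


# Constructed samples (hypothetical URLs, not captured traffic).
SAMPLES = {
    # %01 used as a plain separator inside a store search path
    "store": '<a href="/exec/obidos/search-handle-url/index=software%01store-name=software">More</a>',
    # %01 directly before '@', the userinfo form the filter is meant to flag
    "spoof": '<A HREF="http://www.trusted.example%01@other.example/login">Sign in</A>',
    # raw 0x01 byte instead of the percent-escape
    "spoof_raw": '<a href="http://www.trusted.example\x01@other.example/">Sign in</a>',
    "clean": '<a href="https://www.example.org/search?q=linux">linux</a>',
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        broad, anchored = compare(html)
        print(f"{name:10} broad={broad!s:5} anchored={anchored!s:5}")
        print("           ->", apply_anchored(html).replace("\x01", "\\x01"))
```
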
     
