Created attachment 8816723
spoofing_link_poc.html

User Agent: Mozilla/5.0 (Windows NT 5.1; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161129173726

Steps to reproduce:

Step by step:
a) The attacker registers a domain with Arabic letters (and an Arabic domain extension, ex. شبكة)
b) Next, the attacker needs to use a "Punycode Converter" to convert the domain name into Punycode
c) Next, the attacker needs to create a link with this scheme:

<a href="http://xn--pgbr3deabc.xn--ngbc5azdabc/HERE_WE_NEED_TO_PUT_SPOOFED_IP/" target="_blank" rel="nofollow">IP Spoofing Link</a>

Example:

<a href="http://xn--pgbr3deabc.xn--ngbc5azdabc/127.0.0.1/" target="_blank" rel="nofollow">IP Spoofing Link</a>

Proof of Concept:
Spoofing Link - Open in Browser - http://xn--pgbr3deabc.xn--ngbc5azdabc/127.0.0.1/ (this is not my domain, I only use it as an example)

You can change the domain "xn--pgbr3deabc.xn--ngbc5azdabc" to any domain with Arabic letters and an Arabic domain extension.

===========================
Firefox Version: 50.0.2
Operating System: Microsoft Windows XP SP3 and Microsoft Windows 7 SP1

Actual results:

Spoofing any IP address in the browser address bar and link (hyperlink) by using Arabic letters in the domain name and extension.

I found a vulnerability that allows spoofing any IP address in the browser address bar and link (hyperlink). An attacker using this vulnerability can register a domain name and create a fake login panel for the router on this domain.

Expected results:

IDN domains should not use RTLO for /catalog_path/.
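The display condition reported above, written as a check a link scanner or mail filter could apply (an added example, not part of the bug report or of Firefox's code). It assumes Python's built-in punycode codec and the Unicode bidi classes from unicodedata; the function names and the sample host are constructed for illustration, and the check generalizes from dotted IPs to any path that starts with digits before its first strongly directional character.

```python
import unicodedata
from urllib.parse import urlsplit

STRONG_RTL = {"R", "AL"}        # Hebrew / Arabic letters
STRONG = {"L", "R", "AL"}       # all strongly directional classes
DIGITS = {"EN", "AN"}           # weak: they follow the preceding strong run

def decode_label(label):
    """Convert one DNS A-label (xn--...) to its Unicode form."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label        # malformed Punycode: keep the ASCII form
    return label

def unicode_host(url):
    host = urlsplit(url).hostname or ""
    return ".".join(decode_label(part) for part in host.split("."))

def leading_weak_run(path):
    """Path characters that precede the first strongly directional one."""
    run = []
    for ch in path:
        if unicodedata.bidirectional(ch) in STRONG:
            break
        run.append(ch)
    return "".join(run)

def bidi_reorder_risk(url):
    """True when digits at the start of the path sit directly after an RTL
    host, so a bidi-aware display may draw them where the host is expected."""
    classes = [unicodedata.bidirectional(c) for c in unicode_host(url)]
    strong = [c for c in classes if c in STRONG]
    rtl_tail = bool(strong) and strong[-1] in STRONG_RTL
    run = leading_weak_run(urlsplit(url).path)
    return rtl_tail and any(unicodedata.bidirectional(c) in DIGITS for c in run)

def make_idn(*labels):
    """Build a constructed sample host from Unicode labels."""
    return ".".join("xn--" + l.encode("punycode").decode("ascii") for l in labels)

# Constructed sample host (Arabic letters in name and extension), not a real target.
SAMPLE_HOST = make_idn("\u0645\u062b\u0627\u0644", "\u0634\u0628\u0643\u0629")

if __name__ == "__main__":
    for path in ("/127.0.0.1/", "/login/127.0.0.1/"):
        url = "http://" + SAMPLE_HOST + path
        print(url, "->", bidi_reorder_risk(url))
```

A path whose first segment starts with a Latin letter is not flagged, because that strong left-to-right character ends the right-to-left run before the digits.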
99% sure this is a straight-up dupe of bug 1298584, which is public, so this can be opened up and duped.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1298584
Yes, you are right :-) Can I write and publish an article describing this vulnerability with an example PoC? Best regards