Re: [Full-disclosure] Weird URL

2005-08-05 Thread Roy

Bug Traq wrote:

> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
>
> Anyone know why?

same thing happens when you just stick in 'https' at the address box.
firefox probably shoots out a google query for 'https' right away...

check out google.com and query for 'https' and see what comes out first.. ;-)

disclaimer: somebody already pointed this out earlier.


too fast.. and yet too careless.. too late

-roy
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


RE: [Full-disclosure] Weird URL

2005-08-02 Thread irfan . syed
It is just that https "I am Feeling Lucky" is mapped to PayPal while http
keyword is mapped to Microsoft. Wonder how does Google decide though?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of McKinley,
Jackson
Sent: Tuesday, August 02, 2005 4:29 PM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Weird URL


Welcome to Google's "I'm Feeling Lucky" option.

When you enter that into the address bar keywords takes the https section
of it and sticks it into google. See below.

http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=https

Which then returns https://www.paypal.com

..

- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 2 August 2005 3:40 PM
To: Bug Traq
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Weird URL

Bug Traq <[EMAIL PROTECTED]> wrote on 08/01/2005 11:26:27 AM:

> Paste this URL in a firefox browser address bar and see what happens. 
> http://https/;//gmail.google.com
>
> Anyone know why?

Firefox default is to enable Internet Keywords - see
http://www.mozilla.org/docs/end-user/internet-keywords.html

Apparently there's no UI to disable it in firefox... you have to type
"about:config" in the address bar, find the "keyword.enabled" pref and
change it to false.

Regards,
Lee



RE: [Full-disclosure] Weird URL

2005-08-02 Thread McKinley, Jackson
Welcome to Google's "I'm Feeling Lucky" option.

When you enter that into the address bar keywords takes the https
section of it and sticks it into google. See below.

http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=https

Which then returns https://www.paypal.com

..

- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 2 August 2005 3:40 PM
To: Bug Traq
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Weird URL

Bug Traq <[EMAIL PROTECTED]> wrote on 08/01/2005 11:26:27 AM:

> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
>
> Anyone know why?

Firefox default is to enable Internet Keywords - see
http://www.mozilla.org/docs/end-user/internet-keywords.html

Apparently there's no UI to disable it in firefox... you have to type
"about:config" in the address bar, find the "keyword.enabled" pref and
change it to false.

Regards,
Lee



Re: [Full-disclosure] Weird URL

2005-08-02 Thread lee . e . rian
Bug Traq <[EMAIL PROTECTED]> wrote on 08/01/2005 11:26:27 AM:

> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
>
> Anyone know why?

Firefox default is to enable Internet Keywords - see
http://www.mozilla.org/docs/end-user/internet-keywords.html

Apparently there's no UI to disable it in firefox... you have to type
"about:config" in the address bar, find the "keyword.enabled" pref and
change it to false.

Regards,
Lee



RE: [Full-disclosure] Weird URL

2005-08-01 Thread Nuno Cruz
 
Just search http and https on google, that will tell you the answer :)

--
Regards,

Nuno Cruz 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bug Traq
Sent: segunda-feira, 1 de Agosto de 2005 16:26
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Weird URL

Paste this URL in a firefox browser address bar and see what happens.
http://https/;//gmail.google.com

Anyone know why?


Re: [Full-disclosure] Weird URL

2005-08-01 Thread Micheal Espinola Jr
Ahh, good call!

On 8/1/05, Steve Friedl <[EMAIL PROTECTED]> wrote:
> On Mon, Aug 01, 2005 at 11:26:27AM -0400, Bug Traq wrote:
> > Paste this URL in a firefox browser address bar and see what happens.
> > http://https/;//gmail.google.com
> >
> > Anyone know why?
> 
> You get the same thing when you enter just
> 
> https
> 
> and it's because www.paypal.com is the first Google hit for this term
> (via I'm Feeling Lucky) as invoked by Firefox for non URLs.
> 
> Steve
> 
> ---
> Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
> www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | [EMAIL PROTECTED]


-- 
ME2  


Re: [Full-disclosure] Weird URL

2005-08-01 Thread Vincent van Scherpenseel
On Monday 01 August 2005 17:42, Bug Traq wrote:
> Doesn't work in IE though

No, but you were talking about Firefox in your original posting. And besides:
more and more Average Joes are starting to use Firefox. Now the amount of
Firefox users is growing, more and more exploits will surface targeted at
the users of this 'new' browser.

 - Vincent van Scherpenseel




Re: [Full-disclosure] Weird URL

2005-08-01 Thread Bug Traq
Doesn't work in IE though

On 8/1/05, Vincent van Scherpenseel <[EMAIL PROTECTED]> wrote:
> On Monday 01 August 2005 17:26, Bug Traq wrote:
> > Paste this URL in a firefox browser address bar and see what happens.
> > http://https/;//gmail.google.com
> >
> > Anyone know why?
> 
> Yes, Firefox uses Google's "I'm feeling lucky" feature to redirect users who
> enter a word in the address bar which does not exist. The only part needed to
> be redirected to paypal.com is http://https
> 
> If you shorten that just a little bit (to http://http) you'll arrive at
> www.microsoft.com (that's kind of ironic even ;).
> 
> Now try looking up the words https and http on Google and see which websites
> are at rank 1 :)
> 
> This feature could be exploited by malicious people though: by crafting a
> phishing mail with the url: http://http://www.abnamro.com people arrive at
> Microsoft's website instead of the site of the ABN Amro bank. Now what if
> someone replaces the second http with a keyword which links to a malicious
> ranked-1 site in Google? In combination with Google ranking abuse tricks this
> could pose a serious threat to Average Joe.
> 
>  - Vincent van Scherpenseel
>


Re: [Full-disclosure] Weird URL

2005-08-01 Thread Vincent van Scherpenseel
On Monday 01 August 2005 17:26, Bug Traq wrote:
> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
>
> Anyone know why?

Yes, Firefox uses Google's "I'm feeling lucky" feature to redirect users who 
enter a word in the address bar which does not exist. The only part needed to 
be redirected to paypal.com is http://https

If you shorten that just a little bit (to http://http) you'll arrive at 
www.microsoft.com (that's kind of ironic even ;).

Now try looking up the words https and http on Google and see which websites 
are at rank 1 :)

This feature could be exploited by malicious people though: by crafting a 
phishing mail with the url: http://http://www.abnamro.com people arrive at 
Microsoft's website instead of the site of the ABN Amro bank. Now what if 
someone replaces the second http with a keyword which links to a malicious 
ranked-1 site in Google? In combination with Google ranking abuse tricks this 
could pose a serious threat to Average Joe.

 - Vincent van Scherpenseel
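
Added example, not part of any poster's message: a link check a mail or proxy filter could run on the URL shapes quoted in this thread, showing which host a standards-conformant parser extracts and which site the link merely appears to name. The names `inspectLink`, `flagLinks` and `SAMPLE` and the verdict labels are constructed for illustration.

```javascript
// Added example: function names and sample links are constructed for illustration.
const SCHEME_LIKE = new Set(["http", "https", "ftp"]);

// Parse one link with the WHATWG URL parser and report the host that is
// actually extracted versus the site the reader believes the link names.
function inspectLink(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { raw, verdict: "unparseable" };
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { raw, verdict: "skipped" };
  }
  const host = u.hostname;
  // IPv4 literals contain dots and IPv6 literals are bracketed, so a host
  // with neither is a single label, not a fully qualified domain name.
  const dotless =
    !host.includes(".") && !host.startsWith("[") && host !== "localhost";
  // A "//name.tld" sequence inside the path is the site the link appears
  // to point at, although it is never used as the host.
  const m = /\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/i.exec(u.pathname);
  const apparentTarget = m ? m[1].toLowerCase() : null;
  let verdict = "ok";
  if (dotless && SCHEME_LIKE.has(host)) verdict = "scheme-as-host";
  else if (dotless) verdict = "dotless-host";
  return { raw, host, apparentTarget, verdict };
}

// Keep only the links a filter should hold for review.
function flagLinks(links) {
  return links
    .map(inspectLink)
    .filter((r) => r.verdict !== "ok" && r.verdict !== "skipped");
}

// Constructed sample: the two URLs quoted in the thread plus two controls.
const SAMPLE = [
  "http://https/;//gmail.google.com",
  "http://http://www.abnamro.com",
  "https://www.paypal.com/",
  "http://intranet/page",
];

for (const r of flagLinks(SAMPLE)) {
  console.log(`${r.verdict}: host=${r.host} looks-like=${r.apparentTarget} <- ${r.raw}`);
}
```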


Re: [Full-disclosure] Weird URL

2005-08-01 Thread admin
> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
>
> Anyone know why?

On my Firefox that URL sends me to Paypal.com. Try just http and https. On
my system the latter sends me to paypal.com while the former sends me to
www.microsoft.com. dunno why

westdene



Re: [Full-disclosure] Weird URL

2005-08-01 Thread Steve Friedl
On Mon, Aug 01, 2005 at 11:26:27AM -0400, Bug Traq wrote:
> Paste this URL in a firefox browser address bar and see what happens.
> http://https/;//gmail.google.com
> 
> Anyone know why?

You get the same thing when you enter just

https

and it's because www.paypal.com is the first Google hit for this term
(via I'm Feeling Lucky) as invoked by Firefox for non URLs.

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | [EMAIL PROTECTED]