Wednesday, February 16, 2005

New URL Unicode Spoofing Technique Revealed


Another Unicode-based exploit. Because you can now use Unicode in URLs, it's quite easy to spoof them. Example:

http://www.paypal.com is the actual site and http://www.pаypal.com/ is the spoof URL.

The spoof URL is actually http://www.pаypal.com, in which one letter is of course the Unicode character а, which looks exactly like an a. You don't need to be a genius to see where this is going...

For more info and a demo check out Secunia. Boing Boing even has a possible fix.
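To check a link for this trick, the added example below (not code from this post or from the sites it mentions) flags hostname labels that mix scripts and shows the ASCII `xn--` form that is actually sent to DNS. It assumes the look-alike letter in the spoof URL is Cyrillic small a (U+0430); the function names are illustrative.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and '-' belong to no script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def inspect_url(url):
    """Return the ASCII (Punycode) host and a list of mixed-script labels."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:  # e.g. Latin letters with one Cyrillic letter mixed in
            odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                   for c in label if not c.isascii()]
            findings.append({"label": label, "scripts": sorted(scripts), "non_ascii": odd})
    # Python's built-in codec implements IDNA 2003 and yields the xn-- form.
    ascii_host = host.encode("idna").decode("ascii")
    return ascii_host, findings

# The two URLs from the post. The spoof is written with an explicit escape
# (assumed to be U+0430) so the foreign letter is visible in the source.
REAL = "http://www.paypal.com"
SPOOF = "http://www.p\u0430ypal.com/"

if __name__ == "__main__":
    for url in (REAL, SPOOF):
        ascii_host, findings = inspect_url(url)
        print(ascii_host, "SUSPICIOUS" if findings else "ok", findings)
```

A label written entirely in one non-Latin script is not flagged by the mixed-script check; displaying the `xn--` form is what exposes that case.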
