
PIE (and IE) bug with URL non-compliant with RFC 1738

Subject Author Date
PIE (and IE) bug with URL non-compliant with RFC 1738 The PocketTV Team 07-21-2006
Posted by The PocketTV Team on July 21, 2006, 6:56 am
i don't understand why PIE (and IE too, by the way) accepts URL's like
http://1113332805 which, according to RFC 1738, are not legal syntax.

try http://1113332805 on any Pocket PC or Smartphone (or on your desktop),
and you'll see that it goes somewhere.

where does it go? well, i have not investigated the exact location of this
server, but i know it is used by scammers/phishers, as you can see here:
http://1113332805/.us/cgi-bin/

this PIE/IE bug is exploited by scammers, so MSFT, by not fixing it, is
playing their game...




Posted by Werner "Menneisyys" Ruotsala on July 21, 2006, 7:41 am
It's (any URL without dots inside) an intra-network address. Upon
encountering URL's like this, PIE tries to use the connection parameters
used in the Work connection group.

--


--
Werner "Menneisyys" Ruotsalainen - Microsoft MVP - Windows - Mobile Devices
Please see the Pocket PC Mag Expert Blog (including mine) at
http://www.pocketpcmag.com/blogs/ - you will definitely like it.


>i don't understand why PIE (and IE too, by the way) accepts URL's like
>http://1113332805 which, according to RFC 1738, are not legal syntax.
>
> try http://1113332805 on any Pocket PC or Smartphone (or on your desktop),
> and you'll see that it goes somewhere.
>
> where does it go? well, i have not investigated the exact location of
> this server, but i know it is used by scammers/phishers, as you can see
> here: http://1113332805/.us/cgi-bin/
>
> this PIE/IE bug is exploited by scammers, so MSFT, by not fixing it, is
> playing their game...
>
>
>



Posted by The PocketTV Team on July 21, 2006, 8:15 am
"Werner "Menneisyys" Ruotsalainen [MVP - Windows - Mobile Devices]"
> It's (any URL without dots inside) an intra-network address. Upon
> encountering URL's like this, PIE tries to use the connection parameters
> used in the Work connection group.

i don't have any intra network setup, yet this URL leads to some scammer's
server somewhere around the planet.

where do you see in RFC 1738 that URL can have a server with no dot?

this is not allowed by the standard.

so are you saying that MSFT made a proprietary extension to the internet URL
standard (RFC 1738), and that scammers and spammers are taking advantage of
this extension?

by the way, can you tell me the IP address of the site that you reach when
you go to http://1113332805 ?

the fact that the site is reached but that its IP and real domain name is
not displayed by PIE (and IE) is, in itself, a security issue.

> --
>
>
> --
> Werner "Menneisyys" Ruotsalainen - Microsoft MVP - Windows - Mobile
> Devices
> Please see the Pocket PC Mag Expert Blog (including mine) at
> http://www.pocketpcmag.com/blogs/ - you will definitely like it.
>
>
>>i don't understand why PIE (and IE too, by the way) accepts URL's like
>>http://1113332805 which, according to RFC 1738, are not legal syntax.
>>
>> try http://1113332805 on any Pocket PC or Smartphone (or on your
>> desktop), and you'll see that it goes somewhere.
>>
>> where does it go? well, i have not investigated the exact location of
>> this server, but i know it is used by scammers/phishers, as you can see
>> here: http://1113332805/.us/cgi-bin/
>>
>> this PIE/IE bug is exploited by scammers, so MSFT, by not fixing it, is
>> playing their game...
>>
>>
>>
>
>



Posted by Tony A. on July 21, 2006, 9:08 am
The PocketTV Team wrote:
> "Werner "Menneisyys" Ruotsalainen [MVP - Windows - Mobile Devices]"
>> It's (any URL without dots inside) an intra-network address. Upon
>> encountering URL's like this, PIE tries to use the connection
>> parameters used in the Work connection group.
>
> i don't have any intra network setup, yet this URL leads to some
> scammer's server somewhere around the planet.
>
> where do you see in RFC 1738 that URL can have a server with no dot?

Are you sure it's not a domain name, rather than a form of address?
There's nothing wrong with having a completely numerical domain name,
all it would take would be for the browser to automatically add ".com"
or whatever if the tld is missing, and you'd see what you're seeing.
The links don't go anywhere for me, on any of my browsers, maybe the
site's been taken down already, so I can't tell for sure.



Posted by Clint on July 21, 2006, 11:06 am
AFAIK, the numeric URL is a decimal representation of the IP address.

http://www.livinginternet.com/i/iw_dns_alias.htm
http://www.pc-help.org/obscure.htm

You can also check out this translator:
http://www.islandgraphicart.co.uk/php/decimal.php3

Clint

> "Werner "Menneisyys" Ruotsalainen [MVP - Windows - Mobile Devices]"
>> It's (any URL without dots inside) an intra-network address. Upon
>> encountering URL's like this, PIE tries to use the connection parameters
>> used in the Work connection group.
>
> i don't have any intra network setup, yet this URL leads to some scammer's
> server somewhere around the planet.
>
> where do you see in RFC 1738 that URL can have a server with no dot?
>
> this is not allowed by the standard.
>
> so are you saying that MSFT made a proprietary extension to the internet
> URL standard (RFC 1738), and that scammers and spammers are taking
> advantage of this extension?
>
> by the way, can you tell me the IP address of the site that you reach when
> you go to http://1113332805 ?
>
> the fact that the site is reached but that its IP and real domain name is
> not displayed by PIE (and IE) is, in itself, a security issue.
>
>> --
>>
>>
>> --
>> Werner "Menneisyys" Ruotsalainen - Microsoft MVP - Windows - Mobile
>> Devices
>> Please see the Pocket PC Mag Expert Blog (including mine) at
>> http://www.pocketpcmag.com/blogs/ - you will definitely like it.
>>
>>
>>>i don't understand why PIE (and IE too, by the way) accepts URL's like
>>>http://1113332805 which, according to RFC 1738, are not legal syntax.
>>>
>>> try http://1113332805 on any Pocket PC or Smartphone (or on your
>>> desktop), and you'll see that it goes somewhere.
>>>
>>> where does it go? well, i have not investigated the exact location of
>>> this server, but i know it is used by scammers/phishers, as you can see
>>> here: http://1113332805/.us/cgi-bin/
>>>
>>> this PIE/IE bug is exploited by scammers, so MSFT, by not fixing it, is
>>> playing their game...
>>>
>>>
>>>
>>
>>
>
>
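
The decimal-IP reading given in the post above can be checked mechanically. The following is an added example, not part of the original thread: it normalises the inet_aton-style host forms (single decimal, `0x` hex, leading-zero octal, and short dotted forms) to a dotted quad so a mail or proxy filter can flag links whose host hides an IP address. The function names are hypothetical and the sample URLs are constructed around the documentation address 192.0.2.1.

```python
from urllib.parse import urlsplit

_DIGITS = {8: "01234567", 10: "0123456789", 16: "0123456789abcdef"}

def _parse_part(part):
    """Parse one host component as decimal, 0x-hex or leading-0 octal."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    # Reject empty parts and anything int() would tolerate (signs, "_", spaces).
    if not digits or any(c not in _DIGITS[base] for c in digits):
        return None
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Return the dotted quad a numeric host stands for, or None if it is a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *lead, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in lead) or last >= 256 ** (4 - len(lead)):
        return None
    value = last
    for i, n in enumerate(lead):
        value += n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def classify_url(url):
    """Label a URL's host as 'name', 'ip', or 'obfuscated-ip' (non-canonical IP)."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    if ip is None:
        return ("name", host)
    return ("ip" if host == ip else "obfuscated-ip", ip)

if __name__ == "__main__":
    # Constructed samples: every numeric form below encodes 192.0.2.1.
    for u in ("http://3221225985/.us/cgi-bin/", "http://0xC0000201/",
              "http://030000001001/", "http://192.0.513/", "http://intranet/"):
        print(u, classify_url(u))
```

A dotless host that is not purely numeric, such as `intranet`, comes back as a name, which separates the intranet-shortname case raised earlier in the thread from the encoded-IP case.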



