Proxy bypass in Opera : security related ?

• Previous message: Matthias Kerstner: "AW: IE Denial of service (sorta)"
• Next in thread: maillist: "Re: Proxy bypass in Opera : security related ?"
• Reply: maillist: "Re: Proxy bypass in Opera : security related ?"
• Reply: Valdis.Kletnieksat_private: "Re: Proxy bypass in Opera : security related ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

while I was trying to bypass some URL filtering software using specially formated URLs, I found a problem
in the Opera browser.

This bug was reported to Opera via their bug notification form, but I haven't receive any response so far.

Details :
======

When the URL http://3638218280/ is requested, Opera will try to fetch to page located at
http://216.218.206.40/ (normal DWord to IP address conversion [1]) *without* using the configured
proxy settings.

Scenario :
=========

I haven't any really interesting scenario for this bug.
Yes, it's possible to make a user follow a link and get a page without using the configured proxy, but if,
in a company, there's a proxy and a way to fetch web pages without using the proxy, the problem is,
in my opinion, a security policy problem ....


Does anybody see any security implication for this bug ? 


Nicolas Grégoire [2]


[1] : http://www.fichtner.net/tools/ip2dword/
[2] : Please excuse my poor english

 

• Next message: BAILLEUX Christophe: "Proof of concept for the format bug in Ettercap 0.6.2"
• Previous message: Matthias Kerstner: "AW: IE Denial of service (sorta)"
• Next in thread: maillist: "Re: Proxy bypass in Opera : security related ?"
• Reply: maillist: "Re: Proxy bypass in Opera : security related ?"
• Reply: Valdis.Kletnieksat_private: "Re: Proxy bypass in Opera : security related ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 09:32:34 PST