Hi, I don't know if that's a problem caused only by Opera, I found that 'bug' surfing with IE (6.0) too. Trying to acces diffrent web pages, some of them listed my real IP address insted of proxy address. (e.g. trying to make an account at www.ifriends.com). It might be a 'bug' in Opera/IE or a 'high security' web page. ----- Original Message ----- From: "Nicolas Gregoire" <ngregoireat_private> To: <vuln-devat_private> Sent: Wednesday, December 05, 2001 11:22 AM Subject: Proxy bypass in Opera : security related ? > Hi, > > while I was trying to bypass some URL filtering software using specially formated URLs, I found a problem > in the Opera browser. > > This bug was reported to Opera via their bug notification form, but I haven't receive any response so far. > > Details : > ====== > > When the URL http://3638218280/ is requested, Opera will try to fetch to page located at > http://216.218.206.40/ (normal DWord to IP address conversion [1]) *without* using the configured > proxy settings. > > Scenario : > ========= > > I haven't any really interesting scenario for this bug. > Yes, it's possible to make a user follow a link and get a page without using the configured proxy, but if, > in a company, there's a proxy and a way to fetch web pages without using the proxy, the problem is, > in my opinion, a security policy problem .... > > > Does anybody see any security implication for this bug ? > > > Nicolas Grégoire [2] > > > [1] : http://www.fichtner.net/tools/ip2dword/ > [2] : Please excuse my poor english > > > > > >
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 12:04:47 PST