New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 731745 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 703750
Owner: ----
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

URL Spoofing via latin dotless i with dot above

Reported by rayyan...@gmail.com, Jun 9 2017

Issue description

https://www.xn--gmal-nza43z.com/ (does not show in punnycode)

What went wrong?
By adding "ı̇" we can actually spoof the URL 

More info:

(latin small letter dotless i with dot above)
 
<U+0131, U+0307>


 
Cc: js...@chromium.org
Components: UI>Security>UrlFormatting UI>Internationalization
Summary: URL Spoofing via latin dotless i with dot above (was: URL Spoofing )
Repro's in Chrome 58, but does not in Chrome 61, suggesting that this was fixed by one of the many recent changes in this area.
Mergedinto: 703750
Status: Duplicate (was: Unconfirmed)
Indeed, this was addressed in https://chromium.googlesource.com/chromium/src/+/a586e96794b89bef4729b33369b8c2035564d376

Comment 3 Deleted

I think the bug doesn't reproduce in 61 because the dotless i (  Issue 703750  ) is fixed. However, we can still spoof the URL with i and a dot. Can you check if this reproduces in Chrome 61?

http://xn--gmail-bgd.com/ (latin small letter i with dot above)
PoC.png
14.3 KB View Download
PoC1.png
4.7 KB View Download
The URL mentioned in #4 renders in Punycode.
Project Member

Comment 6 by sheriffbot@chromium.org, Sep 16 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: idn-spoof

Sign in to add a comment