{
	"id": "14f0018a-e3f8-4216-8e60-55c8c1faca21",
	"created_at": "2026-04-06T02:11:47.029971Z",
	"updated_at": "2026-04-10T03:20:30.503808Z",
	"deleted_at": null,
	"sha1_hash": "74cb8f2fd5d57ea783c76cf58c891a24b025352b",
	"title": "Preparing for uniform resource identifier (URI) exploits",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 467718,
	"plain_text": "Preparing for uniform resource identifier (URI) exploits\r\nBy Michael Cobb\r\nPublished: 2007-10-11 · Archived: 2026-04-06 01:49:05 UTC\r\nMost people using the Internet know what a Web address is, or at least use the term as a non-technical synonym\r\nfor a URL or uniform resource locator: a string of characters used to identify a resource and a means of locating it.\r\nA URL is, in fact, a subset of uniform resource identifiers, or URIs. URIs use a defined syntax to provide a simple\r\nand extensible means for recognizing and accessing an Internet resource. The identifiers can do so without regard\r\nto the application or platform used. The URI syntax is essentially a URI scheme name, such as 'http' (Hypertext\r\nTransfer Protocol), followed by a colon and then a scheme-specific part. For example, the URL:\r\nhttp://www.microsoft.com/en/us/default.aspx\r\n…is a URI that identifies the resource of Microsoft's home page. The identifier also confirms that the page can be\r\nlocated using HTTP from a network host named www.microsoft.com.\r\nMozilla developers often use a URI that begins with 'rdf,' which enables access to a particular datasource. The\r\nURI 'rdf:history,' for example, returns the datasource that holds information related to a user's browsing history.\r\nURIs are also used to launch an application from within a browser. During the installation process, browsers\r\nautomatically store, or register, various URL protocol handlers, such as mailto and nntp, in the Windows registry.\r\nEach of these protocol handlers is associated with an application so that the browser launches appropriate software\r\nwhen requested. 
So, clicking on a Web link that begins \"aim:goim,\" for example, will open an AIM instant\r\nmessage window.\r\nAlthough this functionality helps make interaction between applications less complicated for the user, many\r\nsoftware developers do not fully understand the complexity of URIs and the possible consequences of placing\r\nthem into the registry. Basically, a URI handler is going to increase the attack surface of an application. Let's look\r\nat why this is.\r\nSecurity expert Thor Larholm recently highlighted an interesting fact about Firefox. When the browser is installed,\r\nit registers a URL protocol handler called \"FirefoxURL,\" which potentially allows a URI in a Web page to launch\r\nFirefox. Because of the way in which the URL handler is registered, Windows cannot tell what type of input or\r\nrequest is valid. So when Internet Explorer encounters a reference to content inside the FirefoxURL URL scheme,\r\nit calls the ShellExecute command and passes the entire request URI without any input validation. That means\r\nthere is no check on the data being passed to the ShellExecute command. By crafting a malicious URL, an\r\nattacker can then pass arguments, parameters and data to an external application that will run when the requested\r\nURI is loaded. The malicious link can be embedded in a Web site or sent via an HTML email.\r\nThough Mozilla Corp. has released a patch, URI problems are not solely browser issues. 
Researchers Billy Rios\r\nand Nathan McFeters claim to have discovered a \"functionality-based exploitation.\" Using the legitimate features\r\nof a popular software program launched via the protocol handler, the two claim to have found a way to steal data\r\nfrom a victim's computer and upload it to a remote server.\r\nSuch URI exploits are going to start a fresh round of problems for developers and users alike. Developers need to\r\nassess whether their applications really warrant the registering of a URI. Any application that registers an\r\nidentifier needs to validate and sanitize any input. If attackers can execute applications using the exploit technique,\r\nthey will be doing so with the privileges of the targeted user.\r\nURI schemes are a valuable resource and are intended only to address information spaces that are globally useful.\r\nDevelopers who create new URI schemes to address spaces which are not useful to the Web in general, which\r\naren't registered, or which break some axioms of Web architecture, are also creating another exploit for hackers to\r\nuse.\r\nThe best way to protect against a possible URI attack is to install a browser vendor's latest fixes. Network\r\nadministrators should remind their users to never follow links from untrusted sources or open unsolicited HTML\r\nemail. The attack relies on user interaction, so for such an attack to be successful, the victim needs to follow a link\r\nto a malicious site or open a malicious email. Finally, security professionals must ensure that users' accounts only\r\nhave the minimum access rights that are necessary for them to do their work.\r\nAbout the author:\r\nMichael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy\r\nthat offers IT training and support in data security and analysis. 
He co-authored the book IIS Security and has\r\nwritten numerous technical articles for leading IT publications. Mike is the guest instructor for several\r\nSearchSecurity.com Security Schools and, as a SearchSecurity.com site expert, answers user questions on\r\napplication security and platform security.\r\nSource: https://www.techtarget.com/searchsecurity/tip/Preparing-for-uniform-resource-identifier-URI-exploits",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.techtarget.com/searchsecurity/tip/Preparing-for-uniform-resource-identifier-URI-exploits"
	],
	"report_names": [
		"Preparing-for-uniform-resource-identifier-URI-exploits"
	],
	"threat_actors": [],
	"ts_created_at": 1775441507,
	"ts_updated_at": 1775791230,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/74cb8f2fd5d57ea783c76cf58c891a24b025352b.pdf",
		"text": "https://archive.orkl.eu/74cb8f2fd5d57ea783c76cf58c891a24b025352b.txt",
		"img": "https://archive.orkl.eu/74cb8f2fd5d57ea783c76cf58c891a24b025352b.jpg"
	}
}