HTTP/HTTPS Port-Blocking in WinINET

Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use a HTML form to send a request to an unprotected mail server such that the mail server interprets the request as a valid (albeit poorly-formatted) request to…

0