|
Bugtraq
mailing list archives
RE: Internet Explorer URL parsing vulnerability
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 9 Dec 2003 22:52:06 -0000
The following works on Outlook Express 6 latest everything. Running
on XP.
http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html
09% pushes malware.com out of sight in the task bar, and %01 leaves
microsoft.com intact in the address bar:
<A
href="http://www.microsoft.com%01%09%09%09%09%09%09%
09 () www malware com">religious
software</A>
Certainly will add a new flavour to the ever increasing methods of
trickery. Now all we need to do is spoof the file download name on
an *.exe and away we go.
--
http://www.malware.com
 By Date 
By Thread
Current thread:
RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
RE: Internet Explorer URL parsing vulnerability Lance James (Dec 10)
RE: Internet Explorer URL parsing vulnerability Mimmus (Dec 11)
|
Intro
