Home page logo

bugtraq logo Bugtraq mailing list archives

about bid 17404
From: crack () rome com
Date: 21 Jul 2006 13:30:13 -0000


If you modify the code in bid 17404 in such a way:

win = window.open('http://server/prova.zip','new')
pause (2000)

the user will see the page opening of correct site, and then download alert from original file site (server)
Obviusly the alert form show the real, but if no dns resolution is provided i think that the middle user should try to 
download the file trusting web browser page. 
This is just a gonzo pishing but probably usable in the wild. 


  By Date           By Thread  

Current thread:
  • about bid 17404 crack (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]