Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [IE 6 SP2] Possible URL Spoofing
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 16 Oct 2004 21:00:05 -0000



<!-- 

javascript:document.write("<iframe src='http://www.google.com&apos; 
width='100%' height='100%'></iframe>"); 

 -->

This is representative of a generic cross-site-scripting 
situation. The homepage idea is a good one, but to date it seems 
impossible to break the silly security warning. From a site 
aspect you just need a 'hole' to penetrate and effect your code.
 
oh dear...perhaps like this one:

http://www.malware.com/dload.html


-- 
http://www.malware.com





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Re: [IE 6 SP2] Possible URL Spoofing http-equiv () excite com (Oct 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]