Full Disclosure: RE: Is there a 0day vuln in this phisher's site?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: Is there a 0day vuln in this phisher's site?

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sun, 30 Jan 2005 07:43:25 -0500

Yep, this is a straight copy of my example posted here:
http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie
I have seen a few other phish in the wild using this exploit too.


So have I. Not to diminish the importance of the attack, but this
assumes the default placement of Address Bar if I'm not mistaken, so if
the user changes their toolbar layout the popup will give itself away,
correct? 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? Paul Kurczaba (Jan 29)
  - RE: Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
    - Re: Is there a 0day vuln in this phisher's site? morning_wood (Jan 30)
  - Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)
    - RE: Is there a 0day vuln in this phisher's site? Larry Seltzer (Jan 30)
    - Re: Is there a 0day vuln in this phisher's site? Thierry Zoller (Jan 30)
    - Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)