Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Bipin Gautam <gautam.bipin () gmail com>
Date: Sat, 22 Oct 2005 00:06:28 +0545

On 10/21/05, Jake Cole <jakecoleus () yahoo com> wrote:
In "Billy's" defense, this is expected in most
JavaScript-enabled browsers.

Here's a Firefox version:

<a href="http://microsoft.com";
onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\&apos;))')">Microsoft</a>



I really don't know what to EXACTLY call it... yap it can be used in
PISHING; cauz a few weeks back I was thinking this  EXACT same thing.
GOT the idea from 'http://vmyths.com/&apos; ither is a page(news pade i
guess) there its sectioned and two different websites are displayed.
(O;
--

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault