Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
From: Billy Rios <billy.rios () gmail com>
Date: Fri, 21 Oct 2005 13:52:26 -0600

Interesting.... I'm curious as to what kind of validation is used on the
"onClick=" parameter when it's used in an HREF tag.
 On a side note, I recently came across something similar to the
nicesite () evilsite com phishing trick. The url below demonstrates the
 As you can see... the URL above will direct the user to
I'm guessing this has more to do with the way DNS handles the request as
opposed to browser vulnerabilities. It could be used for phishing attacks
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]