Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: Phishing
From: "E.Kellinis" <me () cipher org uk>
Date: Sat, 15 May 2004 04:47:52 +0100

Phising is interesting, 
some applications allow you to do other tricks as well , 

if you have this in a webpage
[a href="https://rehpic:www.cnn.com"]CNN[/a]
Mozilla(firefox 8.0) instead of throwing an error 
it will through you into the "I am Feeling lucky" result of google
which is my website in this case

so guess what ...

You wait until google adds you into the database 
You find some specific keywords for your website 
(which you make to look innocent ) 
and then you can totaly fake the destination URL

if you have "cnnSSL" somewhere in your website
you can make the url look very real (you can use https as well)
https://SSL:www.cnn.com

manos

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault