[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

COELACANTH: Phreak Phishing Expedition

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: COELACANTH: Phreak Phishing Expedition
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Thu, 10 Jun 2004 20:34:05 -0000


Thursday, June 10, 2004

The following was presented by 'bitlance winter' of Japan today:

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

Quite inexplicable from these quarters. Perhaps someone with 
server 'knowledge' can examine it.

It carries over the address into the address bar:

[screen shot: http://www.malware.com/gosh.png 72KB]

while redirecting to egold. The key being %2F without that it 
fails. The big question is where is the 'redir' and why is it 
only applicable [so far] to e-gold. Other sites don't work and e-
gold is running an old Microsoft-IIS/4.0.

Working Example:

http://www.malware.com/golly.html


credit: 'bitlance winter'


End Call

-- 
http://www.malware.com

Prev by Date: RE: Linksys WRT54G - Advice for european users
Next by Date: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
Previous by thread: PHP escapeshellarg Windows Vulnerability
Next by thread: Antivirus/Trojan/Spyware scanners DoS [summary]
Index(es):
- Date
- Thread