[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Notes: COELACANTH: Phreak Phishing Expedition

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Notes: COELACANTH: Phreak Phishing Expedition
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Thu, 10 Jun 2004 23:48:04 -0000


Let me add some notes to this:

1. Placing microsoft.com in the so-called 'trusted zone', will 
render the site contents of e-gold.com in the 'trusted zone'

2. Opera fails, Mozilla functions

3. While it may appear to be related to the html form, the same 
can be achieved with a normal href or normal submit type html 
form:

<a href="http://www.malware.com%2F redir=www.e-gold.com">test</a>

4. %2F may not be an actual requirement as that might only be 
site specific

5. So far no other server or domain other than e-gold on IIS 4 
found [at least from here]

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

 
-- 
http://www.malware.com












_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!
Next by Date: [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
Previous by thread: RE: [Fwd: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition]
Next by thread: [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
Index(es):
- Date
- Thread