[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Using HTML errors to steal MySpace accounts

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Using HTML errors to steal MySpace accounts
From: batchwork@xxxxxxxx
Date: Fri, 26 May 2006 05:02:00 +0200 (CEST)

If you post a bulltin with the following content, a Box will appear above the
bulletin for the reading users. Easy to blurb something about a MySpace
Security Center and lead the user to a fake site where they need to input
email adresses and passwords:

-
This is a bulletin, and it looks pretty nice.</td>Everything after the tag 
will appear ABOVE the bulletin.
-

Greetings,
Batchwork

--
freemail adverts:

Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur  44,85 ?  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] XSS Vector at www.emopunk.de
Next by Date: [Full-disclosure] ASLR now built into Vista
Previous by thread: [Full-disclosure] XSS Vector at www.emopunk.de
Next by thread: [Full-disclosure] ASLR now built into Vista
Index(es):
- Date
- Thread