RE: Internet Explorer URL parsing vulnerability

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Internet Explorer URL parsing vulnerability
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Tue, 9 Dec 2003 22:52:06 -0000
Cc: <full-disclosure@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


The following works on Outlook Express 6 latest everything. Running 
on XP.

http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html

09% pushes malware.com out of sight in the task bar, and %01 leaves 
microsoft.com intact in the address bar:

<A 
href="http://www.microsoft.com%01%09%09%09%09%09%09%
09@xxxxxxxxxxxxxxx">religious 
software</A>

Certainly will add a new flavour to the ever increasing methods of 
trickery. Now all we need to do is spoof the file download name on 
an *.exe and away we go.


-- 
http://www.malware.com

Prev by Date: NetGear WAB102
Next by Date: Re: Dell BIOS DoS
Previous by thread: RE: Internet Explorer URL parsing vulnerability
Next by thread: RE: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread