Notes: COELACANTH: Phreak Phishing Expedition

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Notes: COELACANTH: Phreak Phishing Expedition
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Thu, 10 Jun 2004 23:47:35 -0000
Cc: <NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


Let me add some notes to this:

1. Placing microsoft.com in the so-called 'trusted zone', will 
render the site contents of e-gold.com in the 'trusted zone'

2. Opera fails, Mozilla functions

3. While it may appear to be related to the html form, the same 
can be achieved with a normal href or normal submit type html 
form:

<a href="http://www.malware.com%2F redir=www.e-gold.com">test</a>

4. %2F may not be an actual requirement as that might only be 
site specific

5. So far no other server or domain other than e-gold on IIS 4 
found [at least from here]

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

 
-- 
http://www.malware.com

Prev by Date: RE: COELACANTH: Phreak Phishing Expedition]
Next by Date: [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability
Previous by thread: RE: COELACANTH: Phreak Phishing Expedition]
Next by thread: [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability
Index(es):
- Date
- Thread