COELACANTH: Phreak Phishing Expedition

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: COELACANTH: Phreak Phishing Expedition
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Thu, 10 Jun 2004 20:34:05 -0000
Cc: <NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


Thursday, June 10, 2004

The following was presented by 'bitlance winter' of Japan today:

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

Quite inexplicable from these quarters. Perhaps someone with 
server 'knowledge' can examine it.

It carries over the address into the address bar:

[screen shot: http://www.malware.com/gosh.png 72KB]

while redirecting to egold. The key being %2F without that it 
fails. The big question is where is the 'redir' and why is it 
only applicable [so far] to e-gold. Other sites don't work and e-
gold is running an old Microsoft-IIS/4.0.

Working Example:

http://www.malware.com/golly.html


credit: 'bitlance winter'


End Call

-- 
http://www.malware.com

Prev by Date: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
Next by Date: Multiple Antivirus Scanners DoS attack.
Previous by thread: PHP escapeshellarg Windows Vulnerability
Next by thread: Multiple Antivirus Scanners DoS attack.
Index(es):
- Date
- Thread