Re: [IE 6 SP2] Possible URL Spoofing

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: [IE 6 SP2] Possible URL Spoofing
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Sat, 16 Oct 2004 20:58:58 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


<!-- 

javascript:document.write("<iframe src='http://www.google.com' 
width='100%' height='100%'></iframe>"); 

 -->

This is representative of a generic cross-site-scripting 
situation. The homepage idea is a good one, but to date it seems 
impossible to break the silly security warning. From a site 
aspect you just need a 'hole' to penetrate and effect your code.
 
oh dear...perhaps like this one:

http://www.malware.com/dload.html


-- 
http://www.malware.com

Prev by Date: iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability
Next by Date: Re: Directory traversal in Yak! 2.1.2
Previous by thread: Re: [IE 6 SP2] Possible URL Spoofing
Next by thread: RE: [IE 6 SP2] Possible URL Spoofing
Index(es):
- Date
- Thread