lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Oct 2004 20:58:58 -0000 From: "http-equiv@...ite.com" <1@...ware.com> To: <bugtraq@...urityfocus.com> Subject: Re: [IE 6 SP2] Possible URL Spoofing <!-- javascript:document.write("<iframe src='http://www.google.com' width='100%' height='100%'></iframe>"); --> This is representative of a generic cross-site-scripting situation. The homepage idea is a good one, but to date it seems impossible to break the silly security warning. From a site aspect you just need a 'hole' to penetrate and effect your code. oh dear...perhaps like this one: http://www.malware.com/dload.html -- http://www.malware.com