Open Source and information security mailing list archives
 
Date: Sat Oct 22 17:19:54 2005
From: billy.rios at gmail.com (Billy Rios)
Subject: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).

Interesting... I'm curious as to what kind of validation is used on the
"onClick=" parameter when it's used in an HREF tag.

On a side note, I recently came across something similar to the
nicesite@...lsite.com phishing trick. The URL below demonstrates the
vulnerability:

http://any-site-here.com+www.seclists.org

As you can see... the URL above will direct the user to seclists.org.
I'm guessing this has more to do with the way DNS handles the request as
opposed to browser vulnerabilities. It could be used for phishing attacks
though...

BK
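
The two link forms mentioned in this message, run through a small link-audit check of the kind a mail or proxy filter could apply. This is an added example, not part of the original post: `audit_link` and the `.example` URL are hypothetical, and the sample list is constructed apart from the one URL quoted above. It reports the host a standards-following URL parser extracts and flags userinfo placed before the host as well as host labels containing characters other than letters, digits and hyphens.

```python
import re
from urllib.parse import urlsplit

# One DNS label under the letters-digits-hyphen (LDH) hostname rule.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def audit_link(url):
    """Return (host, findings) for one link.

    host is what urlsplit() treats as the hostname; findings lists the
    reasons a filter might hold the link for review.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []

    # Anything before '@' in the authority is userinfo, not the host.
    if parts.username is not None:
        findings.append("userinfo-in-authority")
        if "." in parts.username:
            # Userinfo shaped like a domain name reads as the site to a user.
            findings.append("userinfo-resembles-host")

    # Characters such as '+' are not valid in a hostname label.
    # Note: non-ASCII (IDN) and underscore labels are flagged here too.
    labels = host.rstrip(".").split(".")
    if not host or any(not LDH_LABEL.match(label) for label in labels):
        findings.append("non-ldh-host-label")

    return host, findings


# Constructed sample input, except the first URL, which is quoted in the post.
SAMPLES = [
    "http://any-site-here.com+www.seclists.org",
    "http://nicesite.example@realsite.example/login",
    "http://seclists.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        parsed_host, reasons = audit_link(link)
        print(f"{link}\n  host={parsed_host!r} findings={reasons}")
```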