lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200312092252.hB9Mq6ST012692@web6.megawebservers.com> From: 1 at malware.com (http-equiv@...ite.com) Subject: RE: Internet Explorer URL parsing vulnerability The following works on Outlook Express 6 latest everything. Running on XP. http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html 09% pushes malware.com out of sight in the task bar, and %01 leaves microsoft.com intact in the address bar: <A href="http://www.microsoft.com%01%09%09%09%09%09%09% 09@....malware.com">religious software</A> Certainly will add a new flavour to the ever increasing methods of trickery. Now all we need to do is spoof the file download name on an *.exe and away we go. -- http://www.malware.com