lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <328a52f70508010842745a5246@mail.gmail.com>
Date: Mon Aug  1 16:42:54 2005
From: traqbug at gmail.com (Bug Traq)
Subject: Weird URL

Doesn't work in IE though

On 8/1/05, Vincent van Scherpenseel <mailinglists@...scherpenseel.nl> wrote:
> On Monday 01 August 2005 17:26, Bug Traq wrote:
> > Paste this URL in a firefox browser address bar and see what happens.
> > http://https/;//gmail.google.com
> >
> > Anyone know why?
> 
> Yes, Firefox uses Google's "I'm feeling lucky" feature to redirect users who
> enter a word in the address bar which does not exist. The only part needed to
> be redirected to paypal.com is http://https
> 
> If you shorten that just a little bit (to http://http) you'll arrive at
> www.microsoft.com (that's kind of ironic even ;).
> 
> Now try looking up the words https and http on Google and see which websites
> are at rank 1 :)
> 
> This feature could be exploited by malicious people though: by crafting a
> phishing mail with the url: http://http://www.abnamro.com people arrive at
> Microsoft's website instead of the site of the ABN Amro bank. Now what if
> someone replaces the second http with a keyword which links to a malicious
> ranked-1 site in Google? In combination with Google ranking abuse tricks this
> could pose a serious threat to Average Joe.
> 
>  - Vincent van Scherpenseel
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ