Full Disclosure mailing list archives

COELACANTH: Phreak Phishing Expedition

From: "http-equiv () excite com" <1 () malware com>
Date: Thu, 10 Jun 2004 20:35:03 -0000



Thursday, June 10, 2004

The following was presented by 'bitlance winter' of Japan today:

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

Quite inexplicable from these quarters. Perhaps someone with 
server 'knowledge' can examine it.

It carries over the address into the address bar:

[screen shot: http://www.malware.com/gosh.png 72KB]

while redirecting to egold. The key being %2F without that it 
fails. The big question is where is the 'redir' and why is it 
only applicable [so far] to e-gold. Other sites don't work and e-
gold is running an old Microsoft-IIS/4.0.

Working Example:

http://www.malware.com/golly.html


credit: 'bitlance winter'


End Call

-- 
http://www.malware.com






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

COELACANTH: Phreak Phishing Expedition http-equiv () excite com (Jun 10)
- RE: COELACANTH: Phreak Phishing Expedition Larry Seltzer (Jun 10)
  - RE: COELACANTH: Phreak Phishing Expedition Scott Phelps (Jun 10)
  - Re: COELACANTH: Phreak Phishing Expedition Andrew Clover (Jun 10)
- <Possible follow-ups>
- RE: COELACANTH: Phreak Phishing Expedition Thor Larholm (Jun 10)
- RE: RE: COELACANTH: Phreak Phishing Expedition Sandro Gauci (Jun 11)