WebApp Sec mailing list archives
Redirection obfuscation in FF and NS
From: RSnake <rsnake () shocking com>
Date: Mon, 20 Mar 2006 13:56:04 -0800 (PST)
ID and I were playing around with some weird redirection obfuscation and came across these a few days ago (works in latest version of Firefox and Netscape on untrusted site settings). Sorry that this is a little ho-hum but it's probably worth documenting:

http://www.visa.com@rsnake
and
http://rsnake:www.visa.com

This seems like something that could confuse users. This is the same old "feeling lucky" stuff built into browsers. Not so much a hack as just confusing behavior to users which could lead to unintended redirection and potentially more successful phishing attacks. This relies on being the #1 page rank in something, but that is pretty easy with obscure search terms.

-RSnake
http://ha.ckers.org/xss.html
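As an added illustration (not part of RSnake's post or the list archive): a small Python check that splits a URL's authority by hand and flags the two shapes shown in the message, a domain-looking string in the userinfo or port position next to a single-label host. The function names and finding labels are hypothetical.

```python
import re

# Authority = everything between "scheme://" and the first "/", "?" or "#".
_AUTHORITY = re.compile(r'^[a-z][a-z0-9+.-]*://([^/?#]*)', re.I)
# Heuristic for "looks like a DNS name": dot-separated labels ending in letters.
_DOMAIN_LIKE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}$', re.I)

def split_authority(url):
    """Return (userinfo, host, port) as raw strings; userinfo/port may be None."""
    m = _AUTHORITY.match(url.strip())
    if not m:
        raise ValueError("not an absolute hierarchical URL: %r" % url)
    # The last "@" ends the userinfo; whatever follows it is the real host[:port].
    userinfo, at, hostport = m.group(1).rpartition('@')
    if not at:
        userinfo = None
    if hostport.startswith('['):              # IPv6 literal such as [::1]:8080
        host, _, rest = hostport.partition(']')
        host += ']'
        port = rest[1:] if rest.startswith(':') else None
    else:
        host, colon, port = hostport.partition(':')
        if not colon:
            port = None
    return userinfo, host, port

def audit_url(url):
    """Return (real_host, findings) describing how the URL text may mislead."""
    userinfo, host, port = split_authority(url)
    findings = []
    if userinfo is not None:
        name = userinfo.split(':', 1)[0]      # drop any ":password" part
        findings.append("userinfo-looks-like-domain"
                        if _DOMAIN_LIKE.match(name) else "userinfo-present")
    if port and not port.isdigit():
        findings.append("domain-in-port"
                        if _DOMAIN_LIKE.match(port) else "non-numeric-port")
    # A bare word as host is what the post's two URLs leave for the browser to resolve.
    if host and '.' not in host and not host.startswith('[') \
            and host.lower() != 'localhost':
        findings.append("single-label-host")
    return host, findings

if __name__ == "__main__":
    # The two URLs from the post, plus one constructed benign URL for contrast.
    for u in ("http://www.visa.com@rsnake", "http://rsnake:www.visa.com",
              "https://www.example.com:8443/path"):
        print(u, "->", audit_url(u))
```

A mail or proxy filter could log or rewrite links whose findings list is non-empty so the reader sees the real host rather than the decoy name.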