Re: Redirection obfuscation in FF and NS

["Saqib Ali" <docbook.xml () gmail com>]

These guys are lucky:
http://www.archives.gov/federal-register/cfr/ibr-locations.html

Try the following URL
http://www.microsoft.com@_
 It should take you to the National ARchives website :)


On 3/20/06, RSnake <rsnake () shocking com> wrote:
>         This actually isn't using the username:password@ trick (which
> pops up a warning in Firefox).  This is using malformed URL which is
> then sent through Firefox's search engine.  Slightly different, but same
> effect, assuming you own the search term.
>
> On Mon, 20 Mar 2006, Saqib Ali wrote:
>
> > >        http://www.visa.com@rsnake
> > >        and
> > >        http://rsnake:www.visa.com
> >
> > Deja Vu....
> >
> > hmm. this is pretty old stuff.
> >
> > MS fixed it in 2005 in their browsers.
> > See
> > http://support.microsoft.com/default.aspx?scid=kb;[LN];834489
> >
> > --
> > Saqib Ali, CISSP
> > http://www.xml-dev.com/blog/
> > "I fear, if I rebel against my Lord, the retribution of an Awful Day
> > (The Day of Resurrection)" Al-Quran 6:15
>
>
> -R


--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------