WebApp Sec mailing list archives
Re: Redirection obfuscation in FF and NS
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Mon, 20 Mar 2006 16:35:19 -0800
These guys are lucky: http://www.archives.gov/federal-register/cfr/ibr-locations.html Try the following URL http://www.microsoft.com@_ It should take you to the National ARchives website :) On 3/20/06, RSnake <rsnake () shocking com> wrote:
This actually isn't using the username:password@ trick (which pops up a warning in Firefox). This is using malformed URL which is then sent through Firefox's search engine. Slightly different, but same effect, assuming you own the search term. On Mon, 20 Mar 2006, Saqib Ali wrote:http://www.visa.com@rsnake and http://rsnake:www.visa.comDeja Vu.... hmm. this is pretty old stuff. MS fixed it in 2005 in their browsers. See http://support.microsoft.com/default.aspx?scid=kb;[LN];834489 -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15-R
-- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
- Re: Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
- Re: Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)