Network Security: Detailed info on RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).

from [Billy Rios] Network Security

[Permanent Link]

Subject:	RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
Date:	Fri, 21 Oct 2005 13:52:26 -0600

Interesting.... I'm curious as to what kind of validation is used on the
"onClick=" parameter when it's used in an HREF tag.
 On a side note, I recently came across something similar to the
nicesite@evilsite.com phishing trick. The url below demonstrates the
vulnerability:
 http://any-site-here.com+www.seclists.org
 As you can see... the URL above will direct the user to
seclists.org<http://seclists.org>.
I'm guessing this has more to do with the way DNS handles the request as
opposed to browser vulnerabilities. It could be used for phishing attacks
though.....
 BK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen)., Todd Towles Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen)., sic, das CSIRT der Universitaet Dortmund RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen)., Billy Rios <=

Previous by Date:	[Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., K-Gen Gen
Next by Date:	[Full-disclosure] Different signatures on mirror sites for ethereal 0.10.13, Rein van Koten
Previous by Thread:	Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen)., sic, das CSIRT der Universitaet Dortmund
Next by Thread:	[Full-disclosure] SCOSA-2005.42 Xpdf PDF Viewer Multiple Vulnerabilities, security
Indexes:	[Date] [Thread] [Top] [All Lists]