--- Exibar <[EMAIL PROTECTED]> wrote: > my favorite will be this one that I'm sure will > circulate: > > http://[EMAIL PROTECTED] > > :-)
http://[EMAIL PROTECTED] wont work until you unescape('http://[EMAIL PROTECTED]'); > > ----- Original Message ----- > From: "S G Masood" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, December 09, 2003 1:22 PM > Subject: [Full-Disclosure] RE: FWD: Internet > Explorer URL parsing > vulnerability > > > > > > LOL. This is so simple and dangerous, it almost > made > > me laugh and cry at the same time. Most of you > will > > realise why...;D > > The Paypal, AOL, Visa, Mastercard, et al email > > scammers will have a harvest of gold this month > with > > lots of zombies falling for this simple technique. > > > > ># POC ########## > > > >http://www.zapthedingbat.com/security/ex01/vun1.htm > > > > Dont be surprised if your latest download from > > http://www.microsoft.com turns out to be a trojan! > > > > > location.href=unescape('http://[EMAIL PROTECTED] > eviltrojanfromme.com); > > > > > > -- > > S.G.Masood > > > > Hyderabad, > > India > > > > PS: One more thing - no scripting required to > exploit this. > > > > __________________________________ > > Do you Yahoo!? > > Free Pop-Up Blocker - Get it now > > http://companion.yahoo.com/ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > > > > __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
