Hmm, it doesn't seem to work on my browser :)
I don't even get transported to any page when i click the button.
But then again, i have everything turned off in the internet zone by default...
(but my submit non-encrypted form data is on)
Does it really work then? it looks like it's using _javascript_...? (location.href)
Merry Christmas everyone :)
--__--__--
Message: 1
Date: Tue, 9 Dec 2003 10:22:59 -0800 (PST)
From: S G Masood <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
LOL. This is so simple and dangerous, it almost made
me laugh and cry at the same time. Most of you will
realise why...;D
The Paypal, AOL, Visa, Mastercard, et al email
scammers will have a harvest of gold this month with
lots of zombies falling for this simple technique.
># POC ##########
>http://www.zapthedingbat.com/security/ex01/vun1.htm
Dont be surprised if your latest download from
http://www.microsoft.com turns out to be a trojan!
location.href="" href="http://[EMAIL PROTECTED]);" TARGET="_blank">http://[EMAIL PROTECTED]);
--
S.G.Masood
Hyderabad,
India
PS: One more thing - no scripting required to exploit this.
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
This email is confidential and privileged. If you are not the intended recipient, you must not view, disseminate, use or copy this email. Kindly notify the sender immediately, and delete this email from your system. Thank you.
Please visit our website at www.starhub.com
