On Sun, Jan 11, 2004 at 12:17:23PM -0500, Exibar wrote: > > > > > This really long 'form action' item > > http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwv > > waboundpyw > > wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaou > > ndpywwgc2l > > [EMAIL PROTECTED]/login/form.php > > > The above http: line doesn't make use of the 0x01 exploit. In order to make > use of that exploit, you NEED "0x01" in there just before the @ symbol.
Yes, however this is the link from the 'fake' page. The distributed pishing e-mail (which I also received) does contain 0x01 character at the proper place, on the 'Click here to login' link directing users to this login page. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
