Full Disclosure mailing list archives
RE: RE: FWD: Internet Explorer URL parsing vulnerability
From: "Chris S" <muti () afterglo ws>
Date: Tue, 9 Dec 2003 15:17:12 -0700
<a href="http://www.citibank.com" onClick="location.href=unescape('http://www.citibank.com%01@www.wellsfargo.c om'); return false;">Citibank</a> will show http://www.citibank.com in the status and location bar but direct them to wells fargo. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Clint Bodungen Sent: Tuesday, December 09, 2003 2:30 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability However, using this approach still allows the user to see the absolute URL path in the task bar (with the %01 ommitted). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S . f . Stover (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Jeremiah Cornelius (Dec 09)
- <Possible follow-ups>
- FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- RE: RE: FWD: Internet Explorer URL parsing vulnerability Chris S (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Michal Zalewski (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)