WebApp Sec mailing list archives
Re: Phishing
From: "E.Kellinis" <me () cipher org uk>
Date: Sat, 15 May 2004 04:47:52 +0100
Phising is interesting, some applications allow you to do other tricks as well , if you have this in a webpage [a href="https://rehpic:www.cnn.com"]CNN[/a] Mozilla(firefox 8.0) instead of throwing an error it will through you into the "I am Feeling lucky" result of google which is my website in this case so guess what ... You wait until google adds you into the database You find some specific keywords for your website (which you make to look innocent ) and then you can totaly fake the destination URL if you have "cnnSSL" somewhere in your website you can make the url look very real (you can use https as well) https://SSL:www.cnn.com manos ========================================================= *PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt =========================================================
Current thread:
- RE: Phishing Sarah Elan (May 12)
- RE: Phishing Shivangi Nadkarni (May 12)
- RE: Phishing Zoso (May 13)
- <Possible follow-ups>
- RE: Phishing Rohrer, Mark E (May 12)
- RE: Phishing Griffiths, Ian (May 12)
- Re: Phishing Rogan Dawes (May 13)
- RE: Phishing Adam Lydick (May 14)
- Re: Phishing E.Kellinis (May 15)
- RE: Phishing Griffiths, Ian (May 13)
- RE: Phishing Griffiths, Ian (May 13)
- RE: Phishing Michael Silk (May 13)
- Re: Phishing Amit Sharma (May 13)
- Re: Phishing Amit Sharma (May 13)
- RE: Phishing Pete Simpson (May 13)
- RE: Phishing Griffiths, Ian (May 14)
- RE: Phishing Adam Lydick (May 15)
- RE: Phishing Damon McMahon (May 15)
- RE: Phishing Shivangi Nadkarni (May 12)