WebApp Sec mailing list archives
Re: Redirection obfuscation in FF and NS
From: RSnake <rsnake () shocking com>
Date: Mon, 20 Mar 2006 16:19:55 -0800 (PST)
This actually isn't using the username:password@ trick (which pops up a warning in Firefox). This is using malformed URL which is then sent through Firefox's search engine. Slightly different, but same effect, assuming you own the search term. On Mon, 20 Mar 2006, Saqib Ali wrote:
http://www.visa.com@rsnake and http://rsnake:www.visa.comDeja Vu.... hmm. this is pretty old stuff. MS fixed it in 2005 in their browsers. See http://support.microsoft.com/default.aspx?scid=kb;[LN];834489 -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-R ------------------------------------------------------------------------- This List Sponsored by: SpiDynamicsALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
- Re: Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
- Re: Redirection obfuscation in FF and NS RSnake (Mar 20)
- Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)