[35277] in bugtraq


COELACANTH: Phreak Phishing Expedition

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Mon Jun 14 12:35:49 2004

Message-Id: <200406102034.i5AKY5kL004755@web117.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Thu, 10 Jun 2004 20:34:05 -0000
From: "http-equiv@excite.com" <1@malware.com>
Cc: <NTBugtraq@listserv.ntbugtraq.com>
Reply-To: 1@malware.com



Thursday, June 10, 2004

The following was presented by 'bitlance winter' of Japan today:

<a href="http://www.microsoft.com%2F redir=www.e-gold.com">test</a>

Quite inexplicable from these quarters. Perhaps someone with 
server 'knowledge' can examine it.

It carries over the address into the address bar:

[screen shot: http://www.malware.com/gosh.png 72KB]

while redirecting to egold. The key being %2F; without that it 
fails. The big question is where is the 'redir' and why is it 
only applicable [so far] to e-gold. Other sites don't work and 
e-gold is running an old Microsoft-IIS/4.0.

Working Example:

http://www.malware.com/golly.html


credit: 'bitlance winter'


End Call

-- 
http://www.malware.com
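
Added example, not part of the original post: a defensive check that flags links like the one quoted above, where the host part of an href carries a percent-encoded delimiter (%2F) or whitespace. The function names and the sample HTML are constructed for illustration; only the first sample link comes from the post.

```javascript
// Flag hrefs whose raw authority (host) part contains encoded URL
// delimiters or whitespace, the two oddities in the link quoted in the post.
// %2F "/", %5C "\", %3F "?", %23 "#", %40 "@", %00 NUL do not belong in a host.
const ENCODED_DELIM = /%(2f|5c|3f|23|40|00)/i;

// Constructed sample: the post's link plus two benign links.
const SAMPLE_HTML = [
  '<a href="http://www.microsoft.com%2F redir=www.e-gold.com">test</a>',
  '<a href="http://www.example.com/a%2Fb?x=1">encoded slash in the path only</a>',
  "<a href='/about'>relative link</a>",
].join("\n");

// Raw authority of an http(s) URL, taken before any decoding or normalising.
function rawAuthority(href) {
  const m = /^\s*https?:\/\/([^\/?#]*)/i.exec(href);
  return m ? m[1] : null;
}

function auditHref(href) {
  const authority = rawAuthority(href);
  const reasons = [];
  if (authority === null) return { href, authority, reasons };
  if (ENCODED_DELIM.test(authority)) reasons.push("encoded-delimiter-in-host");
  if (/[\s\u0000-\u001f]/.test(authority)) reasons.push("whitespace-or-control-in-host");
  // Also record whether a strict (WHATWG) parser accepts the URL at all.
  try { new URL(href); } catch (_) { reasons.push("rejected-by-strict-parser"); }
  return { href, authority, reasons };
}

// Scan quoted href attributes of <a> tags and return only the flagged ones.
function auditHtml(html) {
  const flagged = [];
  const re = /<a\b[^>]*\bhref\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const result = auditHref(m[1] !== undefined ? m[1] : m[2]);
    if (result.reasons.length > 0) flagged.push(result);
  }
  return flagged;
}

for (const hit of auditHtml(SAMPLE_HTML)) {
  console.log(hit.href, "->", hit.reasons.join(", "));
}
```

The check works on the raw attribute text on purpose, since a parser that decodes or rejects the URL first would hide the very bytes that make the link suspicious.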




