[36974] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [IE 6 SP2] Possible URL Spoofing

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Mon Oct 18 13:49:41 2004

Message-Id: <200410162058.i9GKwwF3028974@web184.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Sat, 16 Oct 2004 20:58:58 -0000
From: "http-equiv@excite.com" <1@malware.com>
Reply-To: 1@malware.com



<!-- 

javascript:document.write("<iframe src='http://www.google.com' 
width='100%' height='100%'></iframe>"); 

 -->

This is representative of a generic cross-site-scripting 
situation. The homepage idea is a good one, but to date it seems 
impossible to break the silly security warning. From a site 
aspect you just need a 'hole' to penetrate and effect your code.
 
oh dear...perhaps like this one:

http://www.malware.com/dload.html


-- 
http://www.malware.com

home	help	back	first	fref	pref	prev	next	nref	lref	last	post