Re: IE URL obfuscation
From: Jeroen Frijters (jeroen_at_SUMATRA.NL)
Date: 12/12/03
- Previous message: Russell Freeland: "Re: IE URL obfuscation: counterpoint"
- Maybe in reply to: Ben Reardon: "IE URL obfuscation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Dec 2003 00:04:57 +0100 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Russ wrote:
> This is only true as long as the page that's supposed to be
> trusted doesn't contain a "/" in it. IOWs, you can only spoof
> the top level URL of a site, not pages within it. All links
> on a spoofed site are going to point to the same,
> www.spoofedsite.crap, nothing can point to
> www.spoofedsite.crap/about.htm or anything like it.
This is not true. Check out:
http://www.frijters.net/url.html
Regards,
Jeroen
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----
- Previous message: Russell Freeland: "Re: IE URL obfuscation: counterpoint"
- Maybe in reply to: Ben Reardon: "IE URL obfuscation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
