Re: IE URL obfuscation

From: Jeroen Frijters (jeroen_at_SUMATRA.NL)
Date: 12/12/03

  • Next message: :: Operash ::: "[Opera 7] Arbitrary File Delete Vulnerability"
    Date:         Fri, 12 Dec 2003 00:04:57 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ wrote:
    > This is only true as long as the page that's supposed to be
    > trusted doesn't contain a "/" in it. IOWs, you can only spoof
    > the top level URL of a site, not pages within it. All links
    > on a spoofed site are going to point to the same,
    > www.spoofedsite.crap, nothing can point to
    > www.spoofedsite.crap/about.htm or anything like it.

    This is not true. Check out:
    http://www.frijters.net/url.html

    Regards,
    Jeroen

    ----
    NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
    code "NT1003" when registering to take the TICSA exam at www.2test.com.
    Prove to your employer and peers that you have the knowledge and
    abilities to be an active stakeholder in today's enterprise security.
    Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
    12/31/03 and cannot be used in combination with other offers.
    ----
    

  • Next message: :: Operash ::: "[Opera 7] Arbitrary File Delete Vulnerability"