NullyFake - Site Spoofing in MSIE
From: Liu Die Yu (liudieyu_at_UMBRELLA.NAME)
Date: 08/15/04
- Previous message: Russ: "Administrivia #30134 - XP SP2 Information versus List Volume"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 15 Aug 2004 16:51:02 +0800 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
SUBJ: NullyFake - Site Spoofing in MSIE
FROM: Liu Die Yu <liudieyu AT umbrella D0T name>
[demo]
http://umbrella.name/originalvuln/msie/NullyFake/test.htm
[tested]
ie6.zhcn.sp1.up2date running on winxp.pro.zhcn.up2date : 2004/08/15
ie6.en.sp1.up2date running on winxp.pro.en.up2date : 2004/08/15
(xpsp2 does not appear at windows update website, so my computers with
copyright winxp don't have it installed)
[exp]
just fake the location field - just useful for cheating people to input
some stuff :-)))))
i reported to ms ages ago, but got no reply so far.
so, why i'm wasting another ie bug by publishing it?
just to pass a message:
http://editive.com/ is running :-)
[greetingz]
guninski
malware
jelmer
brisy
feng4ever
seclists
- all guys and orgz listed at umbrella.name
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----
- Previous message: Russ: "Administrivia #30134 - XP SP2 Information versus List Volume"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
