[vox-tech] New phishing vulnerability

Rob Rogers vox-tech@lists.lugod.org
Tue, 9 Dec 2003 23:25:04 -0600 (CST)


> I use old browsers. MSIE 5.50 and Netscape 4.77 both work OK for me.
> (i.e. http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm
> displays on the address line for both)

Well, it was an IE-specific vulnerability, so NS should be just fine. Try
going to their proof of concept link (
http://www.zapthedingbat.com/security/ex01/vun1.htm ) and clicking the
"Test Exploit" button.

In Mozilla 1.5 on Linux, I see
http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm which
is what I cut and pasted into my email. On IE 5.0 on Windows, there was
nothing after http://www.microsoft.com ... and actually, if I go into the
URL bar on IE and type http://www.microsoft.com, I will see in the
history almost the same link I see in Mozilla, except with the %01
replaced by a box (standard unprintable character).

Sorry for the confusion. That's why I had included the whole mail with
their POC link included. I should have explained further.
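
Added example, not part of the original message: a defensive check that parses a link the way a standards-based URL parser does and reports when the text before the "@" looks like a hostname, as in the link discussed above. The function name, finding labels and the third sample URL are assumptions made for illustration.

```javascript
// Added example: flag URLs whose userinfo (the text before "@") imitates a
// hostname, as in the link quoted in this message. Names are hypothetical.
function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { valid: false, host: null, userinfo: null, findings: ["unparseable"] };
  }
  const findings = [];
  let user = url.username;
  try {
    user = decodeURIComponent(user); // turns "%01" into the raw 0x01 character
  } catch {
    findings.push("malformed-escape-in-userinfo");
  }
  if (url.username || url.password) findings.push("has-userinfo");
  if (/[\x00-\x1f\x7f]/.test(user)) findings.push("control-char-in-userinfo");
  // Part of the userinfo before the first control character, i.e. the text
  // the message reports seeing in the IE address bar.
  const visible = user.replace(/[\x00-\x1f\x7f][\s\S]*$/, "");
  const looksLikeHost = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(visible);
  if (looksLikeHost && visible.toLowerCase() !== url.hostname) {
    findings.push("userinfo-looks-like-host");
  }
  return { valid: true, host: url.hostname, userinfo: visible, findings };
}

const samples = [
  "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm", // from this thread
  "http://www.zapthedingbat.com/security/ex01/vun1.htm",                  // from this thread
  "http://alice@example.org/",                                            // constructed
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(`${r.host}\t[${r.findings.join(", ")}]\t${s}`);
}
```

The host field is the server the browser actually contacts; a mail filter or link checker can compare it with the userinfo field and reject the link when they differ.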