[vox-tech] New phishing vulnerability

R. Douglas Barbieri vox-tech@lists.lugod.org
Thu, 11 Dec 2003 15:53:12 -0800


On Thu, 2003-12-11 at 15:47, Larry Ozeran wrote:
> At 11:25 PM 12/9/03 -0600, you wrote:
> >> I use old browsers. MSIE 5.50 and Netscape 4.77 both work OK for me.
> >> (i.e. http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm
> >> displays on the address line for both)
> >
> <snip>
>
> >On IE 5.0 on Windows, there was nothing after http://www.microsoft.com ...
> and actually, if I go into the URL bar on IE and type
> http://www.microsoft.com, I will see in the history, almost the same link I
> see in Mozilla, except with the %01 replaced by a box (standard unprintable
> character)
>
> On IE 5.5 in Windows, I get the full address. Maybe MS fixed it in 5.5,
> then for some reason unfixed in 6.0?

You can't replicate the problem by just pasting the link above into your address
bar. You need to access the link from here:

http://www.zapthedingbat.com/security/ex01/vun1.htm

Press the "Test Exploit" button.


-- 
R. Douglas Barbieri
doug@dooglio.net
http://www.dooglio.net

GPG Fingerprint : FE6A 6A57 2B95 7594 E534  BFEE 45F1 9E5E F30A 8A27
MIT.edu recv-key: C55B91D4
GPG Public key  : http://www.dooglio.net/dooglio.asc
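
Added example, not part of the original message: a Python check that shows which host a URL of the form quoted in this thread really points at and flags the deceptive userinfo in front of the "@". The function name inspect_url and the finding labels are assumptions made for illustration; the first sample URL is the one quoted above, the other two are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Control characters (C0 range and DEL) as they appear after percent-decoding.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Userinfo that itself reads like a host name, e.g. "www.example.com".
HOSTLIKE = re.compile(r"^(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)+$", re.I)


def inspect_url(url):
    """Return the real host plus the reasons the authority looks deceptive."""
    parts = urlsplit(url)
    findings = []
    # Per RFC 3986 the host is whatever follows the last "@" in the authority;
    # everything before it is userinfo and is never contacted.
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo-present")
        decoded = unquote(userinfo)
        if CONTROL.search(decoded):
            findings.append("control-char-in-userinfo")
        # Drop control characters and any ":password" part, then ask whether
        # what a reader would see in front of the "@" looks like a host name.
        visible = CONTROL.sub("", decoded).split(":", 1)[0]
        if HOSTLIKE.match(visible):
            findings.append("userinfo-looks-like-host")
    return {"host": parts.hostname, "findings": findings}


SAMPLES = [
    # URL quoted in the thread
    "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm",
    # Constructed: ordinary URL without userinfo
    "http://www.microsoft.com/security/",
    # Constructed: legitimate-looking credentials, not host-like
    "ftp://alice:secret@files.example.org/pub",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_url(sample)
        print(sample)
        print("  real host:", result["host"])
        print("  findings :", ", ".join(result["findings"]) or "none")
```
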
