[vox-tech] New phishing vulnerability

Fri, 12 Dec 2003 10:14:34 +0000

On Thu, Dec 11, 2003 at 09:48:10PM -0800, Ken Bloom wrote:
> The button requires scripting, not the exploit.
> The button read the code, and you'll see that the JavaScript way of 
> demonstrating the exploit is easier to stick in an HTML file than it 
> would be to actually try and stick an ASCII character #1 in there.

Actually, there's a really simple way to do it. &#1 will put a literal 0x01 character in the html file. No need for javascript or anything. 