Works fine for me same version IE6.0.2800.1106.xpsp2. Sends me to https://paypal.com Although I did notice that the <button> seems to be a requirement for this vulnerability to work, as using a plain hyperlink <a href> fails for me.
-joe- -----Original Message----- From: Rui Pereira [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 12:13 PM To: 'Exibar' Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability Er, on IE6.0.2800.1106.xpsp2....this shows up as https://www.let_me_steal_your_money.com/ in the address line. Guess it don't work as advertised. Maybe we should all upgrade? ;) R _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html