used back in 2008 in Billy Rios' GIFAR
attack -- to get around the fact that Picasa hosts images on a separate
domain:
http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/
The blog post title was SUN Fixes GIFARs, although it's not immediately
obvious to me what was changed or fixed
Internet Explorer has received a lot of attention lately for the way
it handles requests for external URIs Nate and I have warned that
IE isn't the only browser with URI handling issues
I've posted a PoC for remote command execution in Firefox (2.0.0.5),
Netscape Navigator 9, and mozilla
To all,
Registered URIs can be extremely dangerous... browsers must take
special care in filtering which characters are passed to registered
URIs. Developers must take special care when registering a URI.
We've discovered MANY MANY issues with registered URIs over the last
year. Registered URIs
Interesting I'm curious as to what kind ofvalidationis used on the parameter when it's used in an HREF tag.
On a side note, I recently came across something similar to the [EMAIL PROTECTED] phishing trick. The url below demonstrates the vulnerability: