Interesting I'm curious as to what kind of validation is used on the " parameter when it's used in an HREF tag.
On a side note, I recently came across something similar to the [EMAIL PROTECTED] phishing trick. The url below demonstrates the vulnerability:
http://any-site-here.com+www.secl
Raoul Nakhmanson-Kulish to me:
> >>Cross-platform code (remove line breaks to test):
> >>http://www.microsoft.com";
> >>onclick="self.location.href='http://www.google.com/';return
> >>false;">Microsoft
> >>Works OK in MSIE 6.0/Win2003 SP1 fully patched, Mozilla 1.7.12, Opera 8.50.
> > In my Win2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Click works on Safari Version 2.0.1 (412.5). (konqerer derivate for
Macos X 10.4)
Doesn't work if you rightclick the link to copy, open in other window
or open in other tab.
- --
sic, das CSIRT der Universitaet Dortmund
[EMAIL PROTECTED] www
Hello, Nick FitzGerald!
On 21.10.2005 11:15 you wrote:
Cross-platform code (remove line breaks to test):
http://www.microsoft.com";
onclick="self.location.href='http://www.google.com/';return
false;">Microsoft
Works OK in MSIE 6.0/Win2003 SP1 fully patched, Mozilla 1.7.12, Opera 8.50.
In my
Raoul Nakhmanson-Kulish wrote:
> This isn't a piece of news. This is absolutely expected behavior in all
> JavaScript-aware browsers.
Really?
> Cross-platform code (remove line breaks to test):
> http://www.microsoft.com";
> onclick="self.location.href='http://www.google.com/';return
> false;
Hello, K-Gen Gen!
On 20.10.2005 13:49 you wrote:
New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
This isn't a piece of news. This is absolutely expected behavior in all
JavaScript-aware browsers.
Cross-platform code (remove line breaks to test):
http://www.microsoft.com";
onclick="self.lo
Mike Camden wrote:
> I thought this was by design since you may have a known url to go to but
> only after some form of validation has been passed.
IFF that is the case, then it is an extraordinarily brain-dead design,
as it breaks the very critical "rule" that you should NOT surprise the
user.
I thought this was by design since you may have a known url to go to but only after some form of validation has been passed.
On 10/20/05, K-Gen Gen <[EMAIL PROTECTED]> wrote:
New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).Gr337s .. I (K-Gen) have found a new (I think..) URL spoofing bug in IE.
It didn't work for me..but once I turned off the pop-up blocker off it
did appear to work.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of K-Gen Gen
> Sent: Thursday, October 20, 2005 4:49 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [F