« Return to Thread: Redirection obfuscation in FF and NS

Re: Redirection obfuscation in FF and NS

by RSnake :: Rate this Message:

This actually isn't using the username:password@ trick (which
pops up a warning in Firefox). This is using malformed URL which is
then sent through Firefox's search engine. Slightly different, but same
effect, assuming you own the search term.

On Mon, 20 Mar 2006, Saqib Ali wrote:

>> http://www.visa.com@rsnake
>> and
>> http://rsnake:www.visa.com
>
> Deja Vu....
>
> hmm. this is pretty old stuff.
>
> MS fixed it in 2005 in their browsers.
> See
> http://support.microsoft.com/default.aspx?scid=kb;[LN];834489
>
> --
> Saqib Ali, CISSP
> http://www.xml-dev.com/blog/
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
>

-R

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

« Return to Thread: Redirection obfuscation in FF and NS