[Dshield] MSFT Internet Explorer, %01 URL spoofing
Tyler.Hudak at roadway.com
Mon Dec 15 17:54:49 GMT 2003
The two links still showed as https://secure.euclidian.com/fakebank.html in
IE when click on from Outlook. These were both sent in an HTML email.
When sent in a text email, the link was hyperlinked, but showed validly.
I did manage it in Outlook Express. It did require sending HTML email.
See how this looks in Outlook (I am not able to post html to the list):
or with '<a>' tags:
(some e-mail readers will parse '<a>' tags even in text email.)
More information about the list