[Dshield] MSFT Internet Explorer, %01 URL spoofing

Hudak, Tyler Tyler.Hudak at roadway.com
Mon Dec 15 17:54:49 GMT 2003

The two links still showed as https://secure.euclidian.com/fakebank.html in
IE when click on from Outlook.  These were both sent in an HTML email.  

When sent in a text email, the link was hyperlinked, but showed validly.


Johannes wrote:

I did manage it in Outlook Express. It did require sending HTML email.
See how this looks in Outlook (I am not able to post html to the list):


or with '<a>' tags:


(some e-mail readers will parse '<a>' tags even in text email.)

More information about the list mailing list