[Dshield] MSFT Internet Explorer, %01 URL spoofing

Kenneth Coney superc at visuallink.com
Tue Dec 16 17:34:43 GMT 2003


The com %01 @ still plainly shows on the top bar with my Netscape 7.1 on both.

Subject: RE: [Dshield] MSFT Internet Explorer, %01 URL spoofing
From: "Johannes B. Ullrich" <jullrich at sans.org>
Date: Mon, 15 Dec 2003 13:24:41 -0500
To: General DShield Discussion List <list at dshield.org>

 >> When sent in a text email, the link was hyperlinked, but showed validly.


oh. I forgot the '#' in front of the 001. Try this link:

http://secure.fakebank.com&#001;@secure.euclidian.com/fakebank.html

or with '<a>' tags:
<a 
href="http://secure.fakebank.com&#001;@secure.euclidian.com/fakebank.html">http://secure.fakebank.com</a>

-- 





More information about the list mailing list