by r0t, der4444, cembo, VietMafia

Monday, April 17, 2006

vuln. on , and others

This vuln. can mostly be used for phishing attacks...
Just look at the screenshot:

In the screenshot you see just my email address, but there could be anything else, like a redirect to the attacker's host.

So, the attacker only has to put HTML in the mail body, like in my example:

(TABLE border="1" cellspacing="1" cellpadding="0">
(tr>Please contact administrator (a>>
(TABLE border="1" cellspacing="1" cellpadding="0">
(tr>Hi victim!(/tr>

Note: of course, change "(" to "<".

So, it works on , is already reported and will be fixed soon) and many other email services.
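
A defensive sketch of the check a webmail front end needs before displaying a message: an allowlist pass over the HTML body that drops layout tags and all attributes and prints each link's real host next to its text. This is an added example, not code from the original post; the tag policy, the `sanitize_mail_body` name and the sample hosts are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this sketch: inline formatting only, no layout tags.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
DROP_CONTENT = {"script", "style"}

class MailBodySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.hrefs, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
        elif tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # every attribute is dropped

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag == "a" and self.hrefs:
            try:
                host = urlsplit(self.hrefs.pop()).hostname
            except ValueError:
                host = None
            # Show the real destination next to whatever the link text claims.
            self.out.append(escape(f" [link to: {host or 'unknown'}]"))
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize_mail_body(body):
    parser = MailBodySanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample in the shape of the post's example; hosts are placeholders.
SAMPLE = ('<TABLE border="1" cellspacing="1" cellpadding="0"><tr><td>'
          'Please contact administrator '
          '<a href="http://attacker.example/">admin@mail.example</a>'
          '</td></tr></TABLE><p>Hi victim!</p>')

if __name__ == "__main__":
    print(sanitize_mail_body(SAMPLE))
```

With the table markup gone the message can no longer draw a boxed notice that looks like part of the mail interface, and the link text can no longer hide where it points.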



Copyright (c) 2006 Pridels Sec Crew