lt_wentoncha
Red6
join:2002-05-12
000000
2 edits | AOL s'aight
AOL 8.0 Browser catches somehow. |
|
Lurkerer
@66.113.x.x
 from:
ssj4android 
| I never fully click a link before looking at the real url. There are many sites that "fake" this with javascript (porn sites come to mind). You semi-click the link, basically click but keep holding down the mouse button and view the status bar for the real link. This is the way I look where I'm really lurking into. |
|
Lurkerer
@66.113.x.x | Could some mod kindly move this reply to it's own thread? I think it'll benefit a few people if they don't already do this when clicking links. |
|
Nam Vet
Premium
join:2001-12-03
Allentown, PA | reply to Lurkerer
your "holding the mouse button down" trick only works the 1st time! if Ie caches the fake page and you try again you only see whats before the "@"!
--
H O W T R U E : If you want something done, ask a busy person to do it |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | out of curiosity, I know it(that character) shows up as some box, but how exactly is that made to begin with?
--
My teacher asked the square root of Pi. I thought the answer was 2 slices. |
|
Nam Vet
Premium
join:2001-12-03
Allentown, PA
| "The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL."
from the danish company that discovered it
»www.secunia.com/advisories/10395/
--
H O W T R U E : If you want something done, ask a busy person to do it |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
| said by Nam Vet :
"The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL."
from the danish company that discovered it
»www.secunia.com/advisories/10395/
I know, but lets say I was going to attempt to do this to someone, I can type %01 in the url but it doesn't work, what has to happen to create that character that represents %01
--
My teacher asked the square root of Pi. I thought the answer was 2 slices. |
|
Nam Vet
Premium
join:2001-12-03
Allentown, PA | try typing a url with tha "%01" in it here at dev/nul and making a post. |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
| said by Nam Vet :
try typing a url with tha "%01" in it here at dev/nul and making a post.
huh?
--
My teacher asked the square root of Pi. I thought the answer was 2 slices. |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | reply to lt_wentoncha
basically what I'm asking is how to get that strange character |
|
Nam Vet
Premium
join:2001-12-03
Allentown, PA
1 edit | re: huh? never mind, I tried myself, and it did not work
(see screen shot)
although it might be just the way dslr makes links in posts.
guess ya gotta use html. |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | yeah, it works in html |
|
Maggs
Premium
join:2002-11-29
Woodside, NY | One thing they forgot is the / after .com . That would really catch my attention.
--
Welcome Home Rob. Get Well Soon |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | I tried adding a / after the com, and it takes you to the real url if it's in the link
--
My teacher asked the square root of Pi. I thought the answer was 2 slices. |
|
rjackson
Premium,Mod
join:2002-04-02
Ringgold, GA
clubs:
Host:
SMC Networks
Automotive
VOIP Tech Chat
ViaTalk
Teleblend
| reply to lt_wentoncha
said by lt_wentoncha :
AOL 8.0 Browser catches somehow.
AOL's browser is Mozilla, ergo it's not fooled. |
|
Jason Levine
Premium
join:2001-07-13
USA
| reply to Trel
said by Trel :
I tried adding a / after the com, and it takes you to the real url if it's in the link
I thought that too, but you can encode the slash as %2F and it not only works, but decodes those %2F's back into /'s.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ |
|
cvrefugee
Premium
join:2003-09-15
Corona, CA
| reply to rjackson
Biznitch
Enough said? |
|
|
lt_wentoncha
Red6
join:2002-05-12
000000
| reply to rjackson
Re: AOL s'aight
said by rjackson :
said by lt_wentoncha :
AOL 8.0 Browser catches somehow.
AOL's browser is Mozilla, ergo it's not fooled.
Hmmm, I remember reading that AOL is based off IE, not something like Navigator or as l33t as Mozilla 
--
Arrogant People Royally Sucketh. |
|
redstepchild
Premium
join:2002-01-04
Birmingham, AL
| The bigger issue
The Victims
The victims will be the same people who
Click on pop up adds and purchase through spam email.
Never use a firewall
Never update their compute or internet software
The saddest part is that even if you did use mozilla, firebird, or netscape, the urls today are so long and complex, how is one user to tell if it is a phish site or not?
Most Address bars cut off the end of the url.
--
I'm a Cable girl.. In a Cable World.....RedStepChild@dslr.net |
|
rjackson
Premium,Mod
join:2002-04-02
Ringgold, GA
clubs:
Host:
SMC Networks
Automotive
VOIP Tech Chat
ViaTalk
Teleblend
| reply to lt_wentoncha
Re: AOL s'aight
said by lt_wentoncha :
said by rjackson :
said by lt_wentoncha :
AOL 8.0 Browser catches somehow.
AOL's browser is Mozilla, ergo it's not fooled.
Hmmm, I remember reading that AOL is based off IE, not something like Navigator or as l33t as Mozilla
Not since AOLTW owns Netscape. |
|
