[OT] Re: Please Restore Your Account Access
Alex Satrapa
grail at goldweb.com.au
Sat Jul 2 00:21:11 GMT 2005
On 2 Jul 2005, at 03:22, security at paypal.com wrote:
> Click here to activate your account
Is the script in that page broken, is it my browser being cautious,
or is that a IE-specific attack?
When I click on the link, the page that opens up says "This page has
moved, if you are not automatically forwarded to the new page, please
click here." With that link calling:
function Start(page) {
OpenWin = this.open(page, "CtrlWindow",
"ini,toolbar=yes,location=no,status=yes,menubar=yes,scrollbars=no,resiza
ble=yes");
}
with "page" set to 'sysdll.php'.
I'd love to see what it does on a Microsoft Windows machine, but to
me it looks like the attack is doomed to fail due to the programmer
not setting the path correctly.
Alex
More information about the wireless
mailing list