Phishing Exposed

by Lance James, Dave Jevans
November 2005
Content level: Intermediate to advanced
450 pages
11h 24m
English
Syngress
Content preview from Phishing Exposed
good news is that there is no input validation, and we can observe that our code
was interpreted, and the meta-refresh HTML demonstrates that clearly. That
means there are two trivial ways to get our code evaluated by the server:
Find a registered protocol that executes code.
Close the meta-refresh tag code and initiate our code.
The first technique can be limited, but we can definitely show that we can
successfully execute our cross-site scripting test, like so (see Figure 4.29):
[Our Poisoned URL]
http://www.personal.barclays.co.uk/BRC1/jsp/brcucontrol?site=pfs&task=internal&value=javascript:alert('vulnerable?');&target=_self
[Meta-Refresh Result]
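
The missing input validation described in this excerpt, sketched as an added example (not code from the book or from the site it discusses): the unvalidated echo next to a version that allow-lists the redirect target and escapes it for the attribute. The meta-refresh template, the function names, `ALLOWED_HOSTS`, `SAFE_DEFAULT` and the `example.test` hosts are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: the hosts this site is willing to redirect to (constructed list).
ALLOWED_HOSTS = {"www.example.test", "secure.example.test"}
SAFE_DEFAULT = "/"  # fallback target when the parameter is rejected


def render_unvalidated(value: str) -> str:
    """The behaviour the excerpt describes: the parameter is echoed as-is."""
    return '<meta http-equiv="refresh" content="0;url=' + value + '">'


def safe_target(value: str) -> str:
    """Return value only if it is a same-site path or an allow-listed http(s) URL."""
    v = value.strip()
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so reject
    # control characters and backslashes instead of trying to normalise them.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in v):
        return SAFE_DEFAULT
    try:
        parts = urlsplit(v)
    except ValueError:  # malformed authority, e.g. an unclosed "[" in the host
        return SAFE_DEFAULT
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash absolute path only.
        # "//host" and "///host" are resolved by browsers as another origin.
        return v if v.startswith("/") and not v.startswith("//") else SAFE_DEFAULT
    # Covers the first technique: any scheme other than http/https is refused,
    # so a registered protocol that executes code never reaches the page.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return v
    return SAFE_DEFAULT


def render_validated(value: str) -> str:
    """Validate the target, then escape it for the attribute context.

    Escaping covers the second technique: quotes and angle brackets in an
    accepted path can no longer close the content attribute or the tag.
    """
    target = html.escape(safe_target(value), quote=True)
    return '<meta http-equiv="refresh" content="0;url=' + target + '">'
```

Validation and escaping are separate controls here: the allow-list decides where the page may send the browser, and the escaping keeps an accepted value inside the attribute.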

Publisher Resources

ISBN: 9781597490306