Whoops, there it goes! Another piece of pure browser evilness, this time for all the Opera fans. Alex and I were bouncing e-mails back and forth, and then he sent me this PoC out of the blue. He told me: "Opera truncates the string for the server's hostname after the 34th character. So you can easily set up a domain like securelogin.profiles.microsoft.com.testing.bitsploit.de to phish a user's login data." And that is what he did: visit the PoC URL below with Opera (I used 9.21) and click on the link.
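For mail or proxy filtering, the following added example (not part of the original post or Alex's PoC) flags links whose hostname, cut at the 34 characters quoted above, reads as a complete hostname on a different site than the one actually contacted. The function names and the last-two-labels notion of "site" are assumptions made for this sketch; only the first sample hostname comes from the post.

```javascript
// Added example: detect hostnames that turn into a different-looking,
// complete hostname when only the first 34 characters are displayed.
const VISIBLE_CHARS = 34; // truncation point quoted in the post

// Assumption: "site" is approximated as the last two labels. A production
// filter should use the Public Suffix List (co.uk and similar need three).
function naiveSite(host) {
  return host.split('.').slice(-2).join('.');
}

function assessLink(url, visible = VISIBLE_CHARS) {
  const host = new URL(url).hostname.toLowerCase();
  const shown = host.slice(0, visible);
  const truncated = host.length > visible;
  // A cut that lands exactly on a dot leaves a string that looks like a
  // complete hostname, with no partial label to hint at the truncation.
  const looksComplete = truncated && host[visible] === '.' && shown.includes('.');
  const shownSite = naiveSite(shown);
  const realSite = naiveSite(host);
  const misleading = looksComplete && shownSite !== realSite;
  return { host, shown, truncated, looksComplete, misleading, shownSite, realSite };
}

// Return only the links a reviewer or filter should act on.
function report(urls) {
  return urls.map((u) => assessLink(u)).filter((r) => r.misleading);
}

// Sample links: the first hostname is the one named in the post,
// the other two are constructed for this example.
const samples = [
  'http://securelogin.profiles.microsoft.com.testing.bitsploit.de/',
  'https://www.example.com/login',
  'https://averyveryverylongsubdomainlabelforcdn.assets.example.net/app.js',
];

for (const r of report(samples)) {
  console.log(`shown as "${r.shown}" (${r.shownSite}) but resolves under ${r.realSite}`);
}
```

The third sample is truncated too, but the cut falls inside a label, so the displayed string does not pass for a complete hostname and is not flagged.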