At 06:03 PM 12/11/2003, [EMAIL PROTECTED] wrote:
For example - I don't have an ASCII chart handy, but suppose %03 is also
non-printable -

<a href="
http://[EMAIL PROTECTED]/exploit
/format/c
">Read this or risk legal action!!!</a>

Um.. the exploit doesn't work if the character is escaped with a %.. it only works with a *real* value there..


Try it yourself. You can build the link with a hex-edit capable editor of some sort.. I made one in UltraEdit very quickly that displayed www.microsoft.com in the title bar while loading slashdot.org.

Doesn't work against the version of Mozilla I have, but works well against IE :)

http://[EMAIL PROTECTED]/



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
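
For filtering purposes, the raw-byte and %-escaped forms discussed in the message above have to be told apart. The following is an added example, not code from the thread or from SpamAssassin: a Python check that classifies the userinfo part (the text before the `@`) of each link in an HTML body. The hostnames, sample links and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# Authority is everything between "//" and the next "/", "?" or "#".
_AUTHORITY = re.compile(r"^[a-z][a-z0-9+.\-]*://([^/?#]*)", re.I)

def _is_control(code):
    return code < 0x20 or code == 0x7F

def classify_userinfo(url):
    """Return 'none', 'userinfo', 'escaped-control' or 'raw-control'."""
    match = _AUTHORITY.match(url.lstrip())
    if not match or "@" not in match.group(1):
        return "none"
    userinfo = match.group(1).rpartition("@")[0]
    if any(_is_control(ord(ch)) for ch in userinfo):
        return "raw-control"      # literal byte, the case the reply describes
    if any(_is_control(b) for b in unquote_to_bytes(userinfo)):
        return "escaped-control"  # %-escaped form from the quoted message
    return "userinfo"             # user@host with no control characters

class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def scan_html(html):
    """Return (href, verdict) for every link whose URL carries userinfo."""
    collector = _HrefCollector()
    collector.feed(html)
    collector.close()
    verdicts = [(h, classify_userinfo(h)) for h in collector.hrefs]
    return [(h, v) for h, v in verdicts if v != "none"]

# Constructed sample body; the hosts are reserved example domains.
SAMPLE_HTML = (
    '<a href="http://www.example.com\x03@example.net/">raw</a>'
    '<a href="http://www.example.com%03@example.net/">escaped</a>'
    '<a href="http://user@example.org/">plain</a>'
    '<a href="http://example.org/page">clean</a>'
)

if __name__ == "__main__":
    for href, verdict in scan_html(SAMPLE_HTML):
        print(verdict, repr(href))
```

A filter rule can then score `raw-control` highest, since legitimate mail has no reason to carry a literal control byte inside a link's authority.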
