<a href="http://www.w00tynetwork.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.w00tynetwork.com</a> is trying to sell CC cashing services, and <a href="http://www.w00tynetwork.com/news.htm" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
www.w00tynetwork.com/news.htm</a> is using the CreateTextRange(); exploit. <br><br><div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style="direction: ltr;">
<span class="e" id="q_10aa9bb21bc20814_1"><br><div><span class="gmail_quote">On 4/17/06, <b class="gmail_sendername">Morning Wood</b> <<a href="mailto:se_cur_ity@hotmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
se_cur_ity@hotmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> exploit creates a frameset and redirects to<br>> <a href="http://w00tynetwork.com/x/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://w00tynetwork.com/x/</a> ,it's interesting that the
<br><br>redirects to <a href="http://211.22.14.50/.yahoomail/x.htm" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://211.22.14.50/.yahoomail/x.htm
</a> and spoofs a Yahoo login<br>page.<br>upon entering credentals, the site redirects back to <a href="http://mail.yahoo.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://mail.yahoo.com</a>
<br>so it simply looks like a bad login.<br><br><a href="http://211.22.14.50" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
211.22.14.50</a> = <a href="http://www.gbigift.com.tw" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.gbigift.com.tw</a><br><br>cheers,<br>mw<br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://secunia.com/</a><br>
</blockquote></div><br>
</span></div></blockquote></div><br>