lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 26 Apr 2005 18:31:41 +0100 (BST)
From: ViPeR <viper31337@...oo.co.in>
To: bugtraq@...urityfocus.com
Subject: IE - cross site click detection?


hi,

i stumbled upon a weird behaviour in IE, it
-indirectly- allows you to detect a mouse-click inside
another site - by placing an iframe between the
anchor-tags.. 

[snip]

<a href="javascript:alert('ALERT : You clicked inside
iframe!')">
<iframe
src="http://gmail.google.com/gmail/help/privacy.html"
frameborder="0" scrolling="no" 

marginwidth="0" marginheight="0" style="border: 0px;
width: 100%; height: 100%;">
</iframe>
</a>

[/snip]

rgds,
Gregory R. Panakkal
http://www.crapware.tk


________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ