lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 25 Aug 2005 14:26:47 +0200
From: Tobias Boonstoppel <boonstoppel@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: unload event in ie/mozilla/opera


> the only time that seems to trigger is when a different address is placed in the
> address bar.

yes. this is why i added the "window.unlock" which is set true on
document.onmousedown
--> see code

> hit reload, you will see the URL of the site you typed in.
yes... strange things happens there. also if you "see source-code"
after the redirect, it shows the source of the url you  typed into the
address-bar.

i did not have time to play some more with it. but maybee there i a
way to spoof an URL

on my opinion this redirect should be blocked (like they do block
popups etc..). this is a security lack... or am i wrong?

cheers
Tobias

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ