lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
From: r_i_c_h_lists at btopenworld.com (Richard Maudsley)
Subject: InternetExplorer SSL Popup

Hi,

I'm investigating xss issues on ssl servers.

When I inject
<script>window.open("javascript.writeln('test')")</script>
into the page i see some strange things...

Mozzila's (FireFox) new instance shows no relationship with the original
page from which the window was opened. However, Internet Explorer decides
that the new window also belongs to that server and includes the lovely SSL
padlock icon in the status bar. Double clicking this icon (accessing the
securuty report for that domain) shows an message stating; "This type of
document does not have a  security certificate", lovely.

This makes phishing a breeze, I can render a brand new page inside an
apparently secure browser window!

How are XSS vulns exploited in the wild? Bulk mail with the poisoned link?
How is bad html/script be crafted into the original vulnerable page to make
it look legitimate?

-Rich

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux