Date: 27 May 2004 09:53:33 -0000
From: <sandrijeski@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
In-Reply-To: <40A90108.9000301@...czaba.com>

I can't see this as a vulnerability because it's legal code. I do something similar, without using an image map, for my site to hide the affiliate tracking code.

This is the code:

<a onmouseover="window.status='http://www.the-url-you-see.com';return true" title="The Link" onmouseout="window.status='Whatever-you-like-here';return true" href='http://www.some-other-url.com'>The link</a>

Living example: http://lotdcrew.org/drunkteam_new/page/affiliates.php

------------------------------------------------
>Received: (qmail 26354 invoked from network); 17 May 2004 18:17:56 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27)
> by mail.securityfocus.com with SMTP; 17 May 2004 18:17:56 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> by outgoing3.securityfocus.com (Postfix) with QMQP
> id B52342371D4; Mon, 17 May 2004 20:13:15 -0600 (MDT)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 11770 invoked from network); 17 May 2004 12:00:16 -0000
>Message-ID: <40A90108.9000301@...czaba.com>
>Date: Mon, 17 May 2004 14:14:32 -0400
>From: Kurczaba Associates advisories <advisories@...czaba.com>
>User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: bugtraq@...urityfocus.com
>Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
>Content-Type: text/plain; charset=us-ascii; format=flowed
>Content-Transfer-Encoding: 7bit
>
>Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
>
>http://www.kurczaba.com/securityadvisories/0405132.htm
>-------------------------------------------------------------
>
>Vulnerability ID Number:
>0405132
>
>
>Overview:
>A vulnerability has been found in Microsoft Internet Explorer. A
>specially coded ImageMap can be used to spoof the URL displayed in the
>lower, left hand corner of the browser.
>
>
>Vendor:
>Microsoft (http://www.microsoft.com)
>
>
>Affected Systems/Configuration:
>The versions affected by this vulnerability are Microsoft Internet
>Explorer 5 and 6.
>
>
>Vulnerability/Exploit:
>An ImageMap can be used to spoof the URL displayed in the lower, left
>hand of the browser. View the "Proof of Concept" example for details.
>
>
>Workaround:
>None so far.
>
>
>Proof of Concept:
>http://www.kurczaba.com/securityadvisories/0405132poc.htm
>
>
>Date Discovered:
>May 13, 2004
>
>
>Severity:
>High
>
>
>Credit:
>Paul Kurczaba
>Kurczaba Associates
>http://www.kurczaba.com/
>
>
>
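Added example, not part of either message in this thread: a small Python check that a site reviewer could run over HTML to flag the pattern shown in the reply above, a link whose onmouseover sets window.status to a URL on a different host than its href. The function and class names are hypothetical, the sample markup is constructed from the snippet in the post, and covering <area> elements and unterminated quotes goes beyond the snippet shown.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Captures the text assigned to window.status; stops at a quote or ';' so a
# handler with an unterminated quote still yields the URL it displays.
STATUS_RE = re.compile(r"""window\.status\s*=\s*['"]([^'";]*)""", re.I)


def host_of(url):
    """Lower-cased hostname of an absolute URL, or None if it has none."""
    return (urlparse(url.strip()).hostname or "").lower() or None


class StatusSpoofFinder(HTMLParser):
    """Collects links whose status-bar text names a different host than href."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag not in ("a", "area") or "href" not in a:
            return
        m = STATUS_RE.search(a.get("onmouseover", ""))
        if not m:
            return
        shown, real = host_of(m.group(1)), host_of(a["href"])
        # Flag only when the status text is itself a URL pointing elsewhere;
        # plain-text status messages have no hostname and are ignored.
        if shown and real and shown != real:
            self.findings.append({"tag": tag, "shown": shown, "real": real})


def find_status_spoofs(html):
    finder = StatusSpoofFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample: the link from the post plus one benign link.
SAMPLE = """
<a onmouseover="window.status='http://www.the-url-you-see.com';return true"
   onmouseout="window.status='Whatever-you-like-here';return true"
   href='http://www.some-other-url.com'>The link</a>
<a onmouseover="window.status='http://example.org/docs';return true"
   href="http://example.org/docs">Docs</a>
"""

if __name__ == "__main__":
    for f in find_status_spoofs(SAMPLE):
        print(f"<{f['tag']}>: status bar shows {f['shown']}, href goes to {f['real']}")
```

The check compares hostnames only, so a handler that builds the status text at run time, or a same-host link with a misleading path, is not reported.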