lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040726145941.38743.qmail@web53705.mail.yahoo.com>
Date: Mon, 26 Jul 2004 07:59:41 -0700 (PDT)
From: Chenghuai Lu <luchenghuai@...oo.com>
To: bugtraq@...urityfocus.com
Subject: RE: Forward:FullDisclosure/IE - Possible Address Spoofing

I played the exploit using IE5 and IE6. I observed
some strange behaviors. Under IE5 no sp when I click
the link, the IE will open the urls specified in the
href, i.e., microsoft, google and slatdot first. Then,
the IE will redirect the window to the url specified
in onunload. Under IE6 sp1, the IE will directly open
the url specified in onunload. But for the specific
example of google.com, the IE copies the content of
google page and opens it in the local domain. The
screenshots are attached in the email. Two questions:

1. Why does IE6 treat Microsoft.com, slatdot.com and
google.com differently? 
2. Does this mean that, google can execute code with
local privilege in my computer? 

-----
SUBJ: FullDisclosure: multiple web browsers, multiple
bugs - onUnload 
and location.href
FROM: Rudolf Polzer (divzero_at_gmail.com)
URL :
http://seclists.org/lists/fulldisclosure/2004/Jul/1001.html
DEMO:
http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location
-----

after i clicked "Google" on the page, address field of
IE was faked - on 
ie6.sp1.up2date running on winxp.home.en.up2date

just got it at iebug.com today.

liudieyu
liudieyu AT umbrella D0T name




		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
Download attachment "AfterClick.zip" of type "application/x-zip-compressed" (52529 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ