| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jul 2004 15:16:22 +1000 From: "Michael Silk" <michaels@....com.au> To: "Chenghuai Lu" <luchenghuai@...oo.com>, <bugtraq@...urityfocus.com> Subject: RE: Forward:FullDisclosure/IE - Possible Address Spoofing Hello, Without knowing, it may treat some sites differently due to the time required it physically takes to download the data. -- Michael -----Original Message----- From: Chenghuai Lu [mailto:luchenghuai@...oo.com] Sent: Tuesday, 27 July 2004 1:00 AM To: bugtraq@...urityfocus.com Subject: RE: Forward:FullDisclosure/IE - Possible Address Spoofing I played the exploit using IE5 and IE6. I observed some strange behaviors. Under IE5 no sp when I click the link, the IE will open the urls specified in the href, i.e., microsoft, google and slatdot first. Then, the IE will redirect the window to the url specified in onunload. Under IE6 sp1, the IE will directly open the url specified in onunload. But for the specific example of google.com, the IE copies the content of google page and opens it in the local domain. The screenshots are attached in the email. Two questions: 1. Why does IE6 treat Microsoft.com, slatdot.com and google.com differently? 2. Does this mean that, google can execute code with local privilege in my computer? ----- SUBJ: FullDisclosure: multiple web browsers, multiple bugs - onUnload and location.href FROM: Rudolf Polzer (divzero_at_gmail.com) URL : http://seclists.org/lists/fulldisclosure/2004/Jul/1001.html DEMO: http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location ----- after i clicked "Google" on the page, address field of IE was faked - on ie6.sp1.up2date running on winxp.home.en.up2date just got it at iebug.com today. liudieyu liudieyu AT umbrella D0T name __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons.
Powered by blists - more mailing lists