Open Source and information security mailing list archives
 
Message-ID: <E1B95Yz-00010Y-00@tungsten.btinternet.com>
From: r_i_c_h_lists at btopenworld.com (Richard Maudsley)
Subject: InternetExplorer SSL Popup

Hi,

I'm investigating XSS issues on SSL servers.

When I inject
<script>window.open("javascript.writeln('test')")</script>
into the page I see some strange things...

Mozilla's (Firefox) new instance shows no relationship with the original
page from which the window was opened. However, Internet Explorer decides
that the new window also belongs to that server and includes the lovely SSL
padlock icon in the status bar. Double clicking this icon (accessing the
security report for that domain) shows a message stating: "This type of
document does not have a security certificate", lovely.

This makes phishing a breeze, I can render a brand new page inside an
apparently secure browser window!

How are XSS vulns exploited in the wild? Bulk mail with the poisoned link?
How is bad HTML/script crafted into the original vulnerable page to make
it look legitimate?

-Rich
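
Added example, not part of the original message: the server-side fix for the injection the post relies on, shown as a reflecting page function beside its encoded form, plus a scheme and origin allow-list for any user-influenced URL the site opens. The function names and `SITE_ORIGIN` are hypothetical, and the sample inputs are constructed, apart from the injected string quoted in the post.

```javascript
// Added example, not code from the original post. Function names and
// SITE_ORIGIN are hypothetical; all sample inputs are constructed.
const SITE_ORIGIN = "https://shop.example";

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the request parameter is reflected verbatim, so markup in it
// becomes part of the HTTPS page and runs in that page's origin.
function renderVulnerable(query) {
  return `<p>Results for ${query}</p>`;
}

// Hardened: the same value is encoded for the HTML text context first.
function renderHardened(query) {
  return `<p>Results for ${escapeHtml(query)}</p>`;
}

// Second layer: a user-influenced URL may be opened or linked only if it
// resolves to https on the site's own origin. The URL parser trims leading
// whitespace and lowercases the scheme, so " JavaScript:..." is rejected too.
function isSafePopupUrl(candidate) {
  let url;
  try {
    url = new URL(candidate, SITE_ORIGIN);
  } catch {
    return false; // unparseable input is never opened
  }
  return url.protocol === "https:" && url.origin === SITE_ORIGIN;
}

// The string quoted in the post, used here as reflected input.
const reflected = `<script>window.open("javascript.writeln('test')")</script>`;
console.log(renderVulnerable(reflected));
console.log(renderHardened(reflected));
for (const u of ["/help/shipping", " JavaScript:document.writeln('test')",
                 "https://other.example/login", "//other.example/x"]) {
  console.log(JSON.stringify(u), "->", isSafePopupUrl(u));
}
```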

