lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200406291423.i5TENGCw025629@web187.megawebservers.com>
From: 1 at malware.com (http-equiv@...ite.com)
Subject: SUPER SPOOF  DELUXE Re: Microsoft and Security


 > On the subject of IE bugs, I am running SP2 RC2, 
IE6.0.2900.2149 today I
> opened a window 
> http://www.asus.com/products/server/srv-mb/ncch-dl/overview.htm
> In another IE window I had www.ingrammicro.com/uk open
> 
> Whe I click on the picture of the motherboard in the first 
page to enlarge
> it, it changes the ingrammicro page to have the picture of the 
motherboard
> in it but still displays the ingrammicro page title in the 
browser bar, and
> the top "frame" of the ingrammicro page....
> 
> Weird one, I don’t know if it is restricted to this build of 
IE though
> HTH
> Mark
 isclosure-charter.html

This is unbelieveable. Super Spoof DeLuxe ! Simply knowing the 
frame name of the target site we can modify the asus.com crazy 
code and inject whatever we want into the target site.

Here's a quick and dirty demo injecting malware.com into 
windowsupdate.microsoft.com :)

http://www.malware.com/targutted.html

- using window.open most popup blockers will block it, disable 
for the demo or recode with just open() or something else which 
can defeat them

- this demo hinges on the site code frame name being in english 
for the demo url of windowsupdate.com

-you need to time the loading of the target site before injecting

- quick testing from google frame + bank, yields banking sites 
using frames where it too works

exact reason or code in asus.com not examined at this time.

Well done Mark. A recording setting lunker.

-- 
http://www.malware.com







Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ