lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: 1 at malware.com (http-equiv@...ite.com )
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer


Since we're going the whole nine yards here, let's toss in the following 
as well:

1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP 
SP2

It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might 
suspect that the older versions will function the same.

[screenshot: http://www.malware.com/xcellente.png 5 KB]

Perhaps someone with more knowledge can get it to automate:

'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow

Then you're back in the popup business.

Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]


http://www.malware.com/xcellent.html


-- 
http://www.malware.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ