| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Jun 2015 20:44:38 +0800 From: David Leo <david.leo@...sen.co.uk> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>, bugtraq <bugtraq@...urityfocus.com> Subject: Re: [FD] Safari Address Spoofing (How We Got It) Great blog, Michal! If you change "http://1.2.3.4/" in your Safari code: some URL in the real world(for example, dailymail.co.uk). Your code won't work(page of target domain is simply loaded). The trick here is: "keep trying to load". Kind Regards, __________ BestSec http://www.deusen.co.uk/items/bestsec/ We like it. We read it. On 2015/5/31 23:09, Michal Zalewski wrote: > Well... http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html > > On Thu, May 28, 2015 at 10:47 PM, David Leo <david.leo@...sen.co.uk> wrote: >> Proof of concept: >> http://www.deusen.co.uk/items/iwhere.9500182225526788/ >> It works on fully patched versions of iOS and OS X. >> How it works: >> Just keep trying to load the web page of target domain. >> >> How We Got It: >> Safari changes address bar to new URL, >> BEFORE new content is loaded. >> >> BestSec >> http://www.deusen.co.uk/items/bestsec/ >> We like it. We read it. >> >> Kind Regards, >> >> >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> https://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists