Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Safari vulnerable to URL spoofing

From: Gilbert Verdian <gverdian () neoresearch org>
Date: Mon, 1 Nov 2004 01:21:35 +1100
Following the discovery by Benjamin Tobias Franz for spoofing URLs in IE by using tables within links. 

http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt
It is possible to spoof URLs under OS X in the latest Safari browser 1.2.3 (v125.9) by using the same method. Ironically, this does not work with Internet Explorer on OS X version 5.2.3 (5815.1). 

Tested on OS X 10.3.5 (build 7M34) with latest software update.
Further details and example at http://www.neoresearch.org/[neo]safari_url_spoof.html 

regards,

Gilbert Verdian
neoresearch.org
Previous By Date Next
Previous By Thread Next

Current thread: