Full Disclosure mailing list archives
Re: Safari Address Spoofing (How We Got It)
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 31 May 2015 08:09:42 -0700
Well... http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html On Thu, May 28, 2015 at 10:47 PM, David Leo <david.leo () deusen co uk> wrote:
Proof of concept: http://www.deusen.co.uk/items/iwhere.9500182225526788/ It works on fully patched versions of iOS and OS X. How it works: Just keep trying to load the web page of target domain. How We Got It: Safari changes address bar to new URL, BEFORE new content is loaded. BestSec http://www.deusen.co.uk/items/bestsec/ We like it. We read it. Kind Regards, _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Safari Address Spoofing (How We Got It) David Leo (May 31)
- Re: Safari Address Spoofing (How We Got It) Michal Zalewski (May 31)