Full Disclosure mailing list archives
Konqueror: URL address bar spoofing vulnerabilities
From: Robert Swiecki <jagger () swiecki net>
Date: Mon, 06 Aug 2007 23:44:15 +0200
There are vulnerabilities in Konqueror that allow an attacker to spoof the URL adddress bar. The first example uses setInterval() call with relatively small interval value (e.g. 0) to change window.location property. A browser is entrapped within the attacking web site while the user thinks that browser actually left the page. http://alt.swiecki.net/konq2.html The very similar problem affects Apple Safari (3.0.3) but due to recent changes in Safari code (vide http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to conduct a successful attack - URL address bat content changes so frequently so the attack is revealed to the user (variants of attack are currently under investigation). The second one is based on the http URI scheme which allows embedding user/password parameters into it, i.e. http://user:password () domain com. Such parameters can contain whitespaces, so the attack vector is quite obvious. http://alt.swiecki.net/konq3.html Tested with Konqueror 3.5.7 on Linux 2.6 The snapshot from my dekstop: http://alt.swiecki.net/konq3.png -- Robert Swiecki _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Konqueror: URL address bar spoofing vulnerabilities Robert Swiecki (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities Jonathan Smith (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities Jonathan Smith (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities paraw (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities Robert Swiecki (Aug 06)
- Re: Konqueror: URL address bar spoofing vulnerabilities Jonathan Smith (Aug 06)