[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
From: Andrew Clover <and-bugtraq@xxxxxxxxxxx>
Date: Sun, 30 Jan 2005 18:23:37 +0900

Paul Kurczaba <seclists@xxxxxxxxxxxxxx> wrote:

After some research, I found the script "exploit(s) an
Internet Explorer vulnerability resulting in Internet Explorer displaying
one location in the Address bar, but actually loading the content from a
different site."

Yep, this is a straight copy of my example posted here:

http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie

I have seen a few other phish in the wild using this exploit too.

I'm alarmed to see this still works in IE6SP2, as Microsoft fixed most of the problem in one of the SP2 betas, by limiting createPopup windows to the windows work area. Evidently they reversed the fix for the final SP2 release. SP2 is safe from the issue where popups can appear over dialogs, but it seems it is still vulnerable to spoofing everything else. Great.

--
Andrew Clover
mailto:and@xxxxxxxxxxx
http://www.doxdesk.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
  - From: Larry Seltzer

References:
- RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
  - From: Paul Kurczaba

Prev by Date: [Full-Disclosure] [gentoo-announce] [ GLSA 200501-41 ] TikiWiki: Arbitrary command execution
Next by Date: RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
Previous by thread: Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
Next by thread: RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?
Index(es):
- Date
- Thread