RE: Forward:FullDisclosure/IE - Possible Address Spoofing

To: "Chenghuai Lu" <luchenghuai@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Forward:FullDisclosure/IE - Possible Address Spoofing
From: "Michael Silk" <michaels@xxxxxxxxxx>
Date: Wed, 28 Jul 2004 15:16:22 +1000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcR0VoRG8JGPuaSHTbyoI0ZkFbgGEwAC00gg
Thread-topic: Forward:FullDisclosure/IE - Possible Address Spoofing

Hello,

        Without knowing, it may treat some sites differently due to the time 
required it physically takes to download the data.

-- Michael

-----Original Message-----
From: Chenghuai Lu [mailto:luchenghuai@xxxxxxxxx]
Sent: Tuesday, 27 July 2004 1:00 AM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: Forward:FullDisclosure/IE - Possible Address Spoofing


I played the exploit using IE5 and IE6. I observed
some strange behaviors. Under IE5 no sp when I click
the link, the IE will open the urls specified in the
href, i.e., microsoft, google and slatdot first. Then,
the IE will redirect the window to the url specified
in onunload. Under IE6 sp1, the IE will directly open
the url specified in onunload. But for the specific
example of google.com, the IE copies the content of
google page and opens it in the local domain. The
screenshots are attached in the email. Two questions:

1. Why does IE6 treat Microsoft.com, slatdot.com and
google.com differently? 
2. Does this mean that, google can execute code with
local privilege in my computer? 

-----
SUBJ: FullDisclosure: multiple web browsers, multiple
bugs - onUnload 
and location.href
FROM: Rudolf Polzer (divzero_at_gmail.com)
URL :
http://seclists.org/lists/fulldisclosure/2004/Jul/1001.html
DEMO:
http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location
-----

after i clicked "Google" on the page, address field of
IE was faked - on 
ie6.sp1.up2date running on winxp.home.en.up2date

just got it at iebug.com today.

liudieyu
liudieyu AT umbrella D0T name




                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


This email message and accompanying data may contain information that is 
confidential and/or subject to legal privilege. If you are not the intended 
recipient, you are notified that any use, dissemination, distribution or 
copying of this message or data is prohibited. If you have received this email 
message in error, please notify us immediately and erase all copies of this 
message and attachments.

This email is for your convenience only, you should not rely on any information 
contained herein for contractual or legal purposes. You should only rely on 
information and/or instructions in writing and on company letterhead signed by 
authorised persons.

Follow-Ups:
- RE: Forward:FullDisclosure/IE - Possible Address Spoofing
  - From: Chenghuai Lu

Prev by Date: Jaws 0.4: authentication bypass
Next by Date: DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability
Previous by thread: RE: Forward:FullDisclosure/IE - Possible Address Spoofing
Next by thread: RE: Forward:FullDisclosure/IE - Possible Address Spoofing
Index(es):
- Date
- Thread