Safari browser 3.1 (525.13) spoofing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Safari browser 3.1 (525.13) spoofing
From: jplopezy@xxxxxxxxx
Date: 21 Mar 2008 20:00:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello everybody, this time writing to inform them of a vulnerability in the 
Safari browser for Windows 3.1 which allows falsify the web address and enter 
another page or content that we want. 

Below I attach a proof of concept so they can see what it is doing so simple 
and so dangerous because it can leverage for many techniques such as phishing. 

What makes the proof of concept is simply open a window with the site and we 
want to forge another function overwrites the content of the page so that we 
can insertarle from a frame to a fake login what is happening to us. 

Without them command more to say greetings from Argentina !!!!!!!

http://es.geocities.com/jplopezy/pruebasafari.html


Juan Pablo Lopez Yacubian
fuzzertina.blogspot.com

Prev by Date: Google SoC 2008: Security Projects
Next by Date: Re: Potential SQL injection vulnerability in Apache::AuthCAS
Previous by thread: Google SoC 2008: Security Projects
Next by thread: F5 BIG-IP Web Management Audit Log XSS
Index(es):
- Date
- Thread