RE: Internet explorer 7.0 spoofing
- To: darth.jedi@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: RE: Internet explorer 7.0 spoofing
- From: "Mike Diaz" <mikediaz.360@xxxxxxxxx>
- Date: Wed, 2 Apr 2008 13:28:28 -0700
He's basically saying that if you create a popup small enough
width-wise, then you can hide everything before the # so that unless
the user actually goes into the address bar and scrolls left, all they
will see is what you put after the #. Here's a screenshot so you can
see what he's talking about:
http://lh6.google.com/mikediaz.360/R_PpsHN-hCI/AAAAAAAAABc/_F2JZMpUiS4/Screenshot.png
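
The effect described in the message above can be turned into a check for link or log review. This is an added example, not part of the original post: it flags a URL whose fragment shows a host-like string different from the host actually loaded, when a bar that only fits the tail of the URL would hide the real host. The function name, the `visibleChars` width and the sample URLs in the comments are assumptions made for illustration.

```javascript
// Added example (not from the original post). Heuristic check for the
// "narrow window hides everything before the #" effect described above.
// visibleChars models an address bar that only fits the tail of the URL;
// its default is an assumed value, not a measured IE7 width.

// Optional scheme followed by something shaped like a DNS name.
// Heuristic only: a fragment such as "file.html" also matches.
const HOST_LIKE = /(?:[a-z][a-z0-9+.-]*:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i;

function fragmentSpoofRisk(urlString, visibleChars = 40) {
  const url = new URL(urlString);              // throws on malformed input
  const realHost = url.hostname.toLowerCase(); // host the browser really loads
  let fragment = url.hash.slice(1);            // text after the '#'
  try { fragment = decodeURIComponent(fragment); } catch (_) { /* keep raw */ }

  const match = HOST_LIKE.exec(fragment);
  const fragmentHost = match ? match[1].toLowerCase() : null;

  // What a bar limited to visibleChars characters would show: the URL's tail.
  const visibleText = url.href.slice(-visibleChars);
  const realHostVisible = visibleText.toLowerCase().includes(realHost);

  // A fragment naming the same host, or a subdomain of it, is not a mismatch.
  const mismatched = fragmentHost !== null &&
    fragmentHost !== realHost &&
    !fragmentHost.endsWith("." + realHost);

  return { realHost, fragmentHost, visibleText,
           flagged: mismatched && !realHostVisible };
}

// Constructed sample (reserved .example names):
//   fragmentSpoofRisk("http://attacker.example/page.html#http://www.bank.example/login", 32)
// reports realHost "attacker.example", fragmentHost "www.bank.example", flagged true.
```
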