Re: Opera/Konqueror: data: URL scheme address bar spoofing

Board: Bugtraq | Posted: 2007/07/24 11:03 | Thread: message 2 of 3
Hi!

> With a specially crafted web page, an attacker can redirect
> a www browser to the page, which URL (in the url bar) resembles
> an arbitrary domain chosen by the attacker.

Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror. Thanks for the report,

Harri.

[Attachment: location.diff]
Article ID (AID): #16fMlp00 (Bugtraq)