Re: Konqueror: URL address bar spoofing vulnerabilities
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig45CC7D0FF196843592B7AC46
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Robert Swiecki ha scritto:
> [...]
> The first example uses setInterval() call with relatively small interva=
l
> value (e.g. 0) to change window.location property. A browser is
> entrapped within the attacking web site while the user thinks that
> browser actually left the page.
> http://alt.swiecki.net/konq2.html
> [...]
Didn't really work on my computer. The content of the address bar could b=
e seen changing
continuously between swiecki.net and google.com, probably in a way simila=
r to what happens with Safari.
> The second one is based on the http URI scheme which allows embedding
> user/password parameters into it, i.e. http://user:password@domain.com.=
> Such parameters can contain whitespaces, so the attack vector is quite
> obvious.
> http://alt.swiecki.net/konq3.html
>
> Tested with Konqueror 3.5.7 on Linux 2.6
Again, it didn't work. My address bar showed "%20@alt.swiecki.net/saft2.h=
tml", aligned to the right.
Sure, if you scroll all the way to the left you'll just see www.google.co=
m, but otherwise the
address shown is what I reported above.
Tested with Konqueror 3.5.5, KDE 3.5.5, kernel 2.6.21-r4 (gentoo), 64bit =
version.
--------------enig45CC7D0FF196843592B7AC46
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGt67pgcNpQSFIZUgRAiREAKDC3Wz6MUwdyb8uyhCU668ygTzpRwCeIIb1
PcXUkddFMux6h4bJytjk0fk=
=Kphh
-----END PGP SIGNATURE-----
--------------enig45CC7D0FF196843592B7AC46--
Chiacchiera con i tuoi amici in tempo reale!
http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com
討論串 (同標題文章)