Re: seamless bait-and-switch

看板Bugtraq作者jannhorn.時間14年前 (2011/12/10 05:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串4/5 (看更多)

2011/12/8 Michal Zalewski <lcamtuf@coredump.cx>: > What part? The change of a URL that is not associated with the > repainting of window contents? I believe that they are very unlikely > to catch this after initially examining the URL, in absence of other > indicators (change in URL length, page repainting, throbber activity). And even if so - someone who's typing in his password will not notice/react to a page reload for at least a few keystrokes. A javascript could send those to the server immediately, and if it's a semanic password, you might be able to guess the rest.

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 jannhorn. 的文章

文章代碼(AID): #1EudvIlH (Bugtraq)