Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra () gmail com>
Date: Mon, 2 Aug 2004 09:43:51 +0300
evilninja wrote:

i was not able to reproduce it in "Gecko/20040719 Firefox/0.9.1" either.
all i get is the real https:// site and this in the JS log:
Error: unterminated string literal
Source File:
Line: 1, Column: 17
Source Code:
document.writeln('<body onload=document.close();break;>


The original PoC contains an invalid JS code in the onunload event.
I've created a copy of the PoC without the problematic apostrophe that
causes the JS code to be invalid.
Here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html

-- Aviv Raff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]