Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Mouseover URL spoof with IE
From: Danny <nocmonkey () gmail com>
Date: Wed, 9 Feb 2005 16:07:33 -0500

On Wed, 9 Feb 2005 12:24:29 -0800, Thor Larholm <thor () pivx com> wrote:
I'm guessing you are refering to the status bar which displays the
address of a link onmouseover.


Yes, the status bar which displays the address of a hyperlink
onmouseover... can the actual hyperlink (when the user left clicks or
opens) be different from what is displayed in the status bar
onmouseover?
 
The addressbar can by design be programmatically changed to display
anything you want at any time, including when you hover over a link and
the onmouseover event fires. Simply change the window.status property
from JS.

Based on my answer above, I take this as a definite "yes" by the means
of the web designer/developer simply changing the window.status
property in their java script?

Thank you,

...D
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault