|
Full Disclosure
mailing list archives
Re: Is there a 0day vuln in this phisher's site?
From: Andrew Clover <and-bugtraq () doxdesk com>
Date: Sun, 30 Jan 2005 18:23:37 +0900
Paul Kurczaba <seclists () securinews com> wrote:
After some research, I found the script "exploit(s) an
Internet Explorer vulnerability resulting in Internet Explorer displaying
one location in the Address bar, but actually loading the content from a
different site."
Yep, this is a straight copy of my example posted here:
http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie
I have seen a few other phish in the wild using this exploit too.
I'm alarmed to see this still works in IE6SP2, as Microsoft fixed most
of the problem in one of the SP2 betas, by limiting createPopup windows
to the windows work area. Evidently they reversed the fix for the final
SP2 release. SP2 is safe from the issue where popups can appear over
dialogs, but it seems it is still vulnerable to spoofing everything
else. Great.
--
Andrew Clover
mailto:and () doxdesk com
http://www.doxdesk.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
