mailing list archives
Re: New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 22 Oct 2005 05:39:54 +1300
Raoul Nakhmanson-Kulish to me:
Cross-platform code (remove line breaks to test):
Works OK in MSIE 6.0/Win2003 SP1 fully patched, Mozilla 1.7.12, Opera 8.50.
In my Win2KSP4+, Mozilla 1.0.7 it doesn't work
Do you mean Mozilla Firefox 1.0.7?
Yes -- fingers don't work as fast as grey matter...
Had you removed line breaks (there must be a space between "return" and
Yes, and yes, but I missed (in my hurry) that this (your?) "example"
was not the OP's. My comments apply to the OP's code -- in Firefox
1.0.7 on Win2K SP4 UR1+ the spoof does NOT work -- mouse-over the link
and it is to MS and clicking it takes you to MS.
BUT, as I also said, if you then hit "go back", instead of taking you
to the original PoC page Firefox takes you "back" to Google (another
"go back" takes you to the PoC page and now Google and then MS is in
your forward browser history).
IE 6.0 SP1+ is even weirder with the original PoC, as regards "go back"
behaviour -- it seems that trying to go back to the PoC page (from
Google, as the forward spoof works) causes the spoof script to be re-
run, popping you back to Google despite the mouse-over location for the
"go back" button being the URL to the PoC. However, selecting the
first instance of the PoC URL from the drop-down on the "go back"
button successfully reloads the PoC page...
I tested the code in FF 1.0.7 on fully patched Win2K SP4 UR1. It works.
Yes, your (the above) code works on Firefox 1.0.7 and does not have the
"go back" weirdness in either Firefox or IE.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/