Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Full Disclosure: Konqueror: URL address bar spoofing vulnerabilities

Konqueror: URL address bar spoofing vulnerabilities

From: Robert Swiecki <jagger_at_swiecki.net>
Date: Mon, 06 Aug 2007 23:44:15 +0200

There are vulnerabilities in Konqueror that allow an attacker to
spoof the URL adddress bar.

The first example uses setInterval() call with relatively small interval
value (e.g. 0) to change window.location property. A browser is
entrapped within the attacking web site while the user thinks that
browser actually left the page.

http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to
recent changes in Safari code (vide
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to
conduct a successful attack - URL address bat content changes so
frequently so the attack is revealed to the user (variants of attack are
currently under investigation).

The second one is based on the http URI scheme which allows embedding
user/password parameters into it, i.e. http://user:password@domain.com.
Such parameters can contain whitespaces, so the attack vector is quite
obvious.

http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6

The snapshot from my dekstop:
http://alt.swiecki.net/konq3.png 

-- 
Robert Swiecki
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Aug 06 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]