Full Disclosure mailing list archives
Re: Is there a 0day vuln in this phisher's site?
From: Andrew Clover <and-bugtraq () doxdesk com>
Date: Sun, 30 Jan 2005 18:23:37 +0900
Paul Kurczaba <seclists () securinews com> wrote:
After some research, I found the script "exploit(s) an Internet Explorer vulnerability resulting in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site."
Yep, this is a straight copy of my example posted here: http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie I have seen a few other phish in the wild using this exploit too.I'm alarmed to see this still works in IE6SP2, as Microsoft fixed most of the problem in one of the SP2 betas, by limiting createPopup windows to the windows work area. Evidently they reversed the fix for the final SP2 release. SP2 is safe from the issue where popups can appear over dialogs, but it seems it is still vulnerable to spoofing everything else. Great.
-- Andrew Clover mailto:and () doxdesk com http://www.doxdesk.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? Paul Kurczaba (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- Re: Is there a 0day vuln in this phisher's site? morning_wood (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)
- RE: Is there a 0day vuln in this phisher's site? Larry Seltzer (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Thierry Zoller (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)
- RE: Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? Paul Kurczaba (Jan 29)