[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] InternetExplorer SSL Popup

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] InternetExplorer SSL Popup
From: "Richard Maudsley" <r_i_c_h_lists@xxxxxxxxxxxxxxx>
Date: Thu, 01 Apr 2004 18:01:22 +0100

Hi,

I'm investigating xss issues on ssl servers.

When I inject
<script>window.open("javascript.writeln('test')")</script>
into the page i see some strange things...

Mozzila's (FireFox) new instance shows no relationship with the original
page from which the window was opened. However, Internet Explorer decides
that the new window also belongs to that server and includes the lovely SSL
padlock icon in the status bar. Double clicking this icon (accessing the
securuty report for that domain) shows an message stating; "This type of
document does not have a  security certificate", lovely.

This makes phishing a breeze, I can render a brand new page inside an
apparently secure browser window!

How are XSS vulns exploited in the wild? Bulk mail with the poisoned link?
How is bad html/script be crafted into the original vulnerable page to make
it look legitimate?

-Rich

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Next by Date: RE: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
Previous by thread: [Full-Disclosure] [SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa)
Next by thread: Autoreply: [Full-Disclosure] [SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa)
Index(es):
- Date
- Thread