[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Mouseover URL spoof with IE

To: Martin Stricker <shugal@xxxxxx>
Subject: Re: [Full-Disclosure] Mouseover URL spoof with IE
From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 10:01:49 -0500

Martin Stricker wrote:

<a href="http://bad-site.xx/";
onmouseover="javascript:window.status='http://nice-site.xx';">blah</a>
If you point your mouse over that link, you'll see "http://nice-site.xx";
in the status bar, but clicking will lead you to http://bad-site.xx/.
This is already widely used in spoof e-mails.

[.xx is a ccTLD which, per RFC and ISO standard, will *never* be used,
so my example domains will never exist. Just a precaution.]

As a side-note...

This action is carried out by the browser's javascript interpreter and, as such, if you use a browser (like Mozilla) where you can disable the window.status JS object, this spoofing will not work. (I'm sure that there are other ways to trick it, perhaps, but this does not work once it's disabled in the browser.)

-Barry


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Mouseover URL spoof with IE
  - From: Thor Larholm
- Re: [Full-Disclosure] Mouseover URL spoof with IE
  - From: Danny
- Re: [Full-Disclosure] Mouseover URL spoof with IE
  - From: Martin Stricker

Prev by Date: Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability
Next by Date: Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability
Previous by thread: Re: [Full-Disclosure] Mouseover URL spoof with IE
Next by thread: [Full-Disclosure] [USN-78-1] Mailman vulnerability
Index(es):
- Date
- Thread