|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] InternetExplorer SSL Popup
From: Richard Maudsley (r_i_c_h_lists
btopenworld.com)
Date: Thu Apr 01 2004 - 11:01:22 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I'm investigating xss issues on ssl servers.
When I inject
<script>window.open("javascript.writeln('test')")</script>
into the page i see some strange things...
Mozzila's (FireFox) new instance shows no relationship with the original
page from which the window was opened. However, Internet Explorer decides
that the new window also belongs to that server and includes the lovely SSL
padlock icon in the status bar. Double clicking this icon (accessing the
securuty report for that domain) shows an message stating; "This type of
document does not have a security certificate", lovely.
This makes phishing a breeze, I can render a brand new page inside an
apparently secure browser window!
How are XSS vulns exploited in the wild? Bulk mail with the poisoned link?
How is bad html/script be crafted into the original vulnerable page to make
it look legitimate?
-Rich
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]