OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [Full-Disclosure] Mouseover URL spoof with IE

From: Thor Larholm (thorpivx.com)
Date: Wed Feb 09 2005 - 14:24:29 CST


I'm guessing you are refering to the status bar which displays the
address of a link onmouseover.

The addressbar can by design be programmatically changed to display
anything you want at any time, including when you hover over a link and
the onmouseover event fires. Simply change the window.status property
from JS.

Thor

-----Original Message-----
From: full-disclosure-bounceslists.netsys.com
[mailto:full-disclosure-bounceslists.netsys.com] On Behalf Of Danny
Sent: Wednesday, February 09, 2005 8:32 PM
To: Full-Disclosure (E-mail)
Subject: [Full-Disclosure] Mouseover URL spoof with IE

Can the URL displayed on a mouseover in IE, be spoofed?

Thank you,

...D
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html