[Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Jake Cole
jakecoleus at yahoo.com
Thu Oct 20 20:33:02 BST 2005
In "Billy's" defense, this is expected in most
JavaScript-enabled browsers.
Here's a Firefox version:
<a href="http://microsoft.com"
onClick="window.setTimeout('document.write(unescape(\'%3cscript%3ewindow.location=%27http://google.com%27%3c/script%3e\'))')">Microsoft</a>
-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On
Behalf Of Nick FitzGerald
Sent: Thursday, October 20, 2005 12:08 PM
To: full-disclosure at lists.grok.org.uk
Subject: [BULK] - Re: [Full-disclosure] New (19.10.05)
MS-IE Url Spoofing bug (byK-Gen).
Mike Camden wrote:
> I thought this was by design since you may have a
known url to go to but
> only after some form of validation has been passed.
IFF that is the case, then it is an extraordinarily
brain-dead design,
as it breaks the very critical "rule" that you should
NOT surprise the
user. A URL link that is shown in the interface to go
one place, but
which goes somewhere else is fundamentally broken
under that rule.
If this is by design, then it's another case of a
feature that breaks
Billy's admonition that security is to trump features,
so should be
fixed.
Regards,
Nick FitzGerald
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.