Bugtraq mailing list archives
Re: URL spoofing bug involving Firefox's error pages and document.write
From: xu shaopei <xisigr () gmail com>
Date: Mon, 27 Jul 2009 20:23:39 +0800
hi ,jplopezy: IN "http://hi.baidu.com/xisigr/blog/item/edbcba00011864de267fb55a.html";, 127.0.0.1 is just a fictitious example. See real examples:http://xisigr.googlepages.com/firefoxspoofing,test 1 is my,test 2 is your.some "%20" for display a "white space" in the Status Bar. On Mon, Jul 27, 2009 at 5:47 PM, Juan Pablo Lopez Yacubian<jplopezy () gmail com> wrote:
xisigr in my opinion not is the same bug because the method is very diferent, and also your poc don' t work, anyway for more information you can enter ( if you have a account) in bugzilla, i report it : 2008-08-23 https://bugzilla.mozilla.org/show_bug.cgi?id=451898 see you 2009/7/27 xu shaopei <xisigr () gmail com>http://hi.baidu.com/xisigr/blog/item/edbcba00011864de267fb55a.html On Sat, Jul 25, 2009 at 4:46 AM, <jplopezy () gmail com> wrote:Application: Firefox 3.0.11 OS: Windows XP - SP3 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description This software is a popular web browser that supports multiple platforms as (windows,linux,macos). ------------------------------------------------------ Vulnerability The bug is caused when you try to open a url with a invalid char, in this time, you can edit the error page, and make a "spoof". This not would be important because when you make the spoof the "invalid web" is loading all time, but as firefox allow that you call the "stop" method of other page you can stop this. The result of this is a fake page. ------------------------------------------------------ POC/EXPLOIT The poc is a simple script that have a window.open(), it calls the url with invalid char, the invalid char can be a "," or "%" is important that you add some "%20" for display a "white space" in the url. http://es.geocities.com/jplopezy/firefoxspoofing.html PD : I send this to bugzilla ------------------------------------------------------ Juan Pablo Lopez Yacubian
Current thread:
- URL spoofing bug involving Firefox's error pages and document.write jplopezy (Jul 24)
- Message not available
- Message not available
- Re: URL spoofing bug involving Firefox's error pages and document.write xu shaopei (Jul 27)
- Re: URL spoofing bug involving Firefox's error pages and document.write YGN Ethical Hacker Group (http://yehg.net) (Jul 27)
- Message not available
- Message not available
- <Possible follow-ups>
- Re: URL spoofing bug involving Firefox's error pages and document.write security (Jul 27)
- Re: URL spoofing bug involving Firefox's error pages and document.write Michael Wood (Jul 27)