Navigation

IE Address Bar Spoofing

Last updated: July 21, 2010 | 9,892 views

I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location…

This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions.
Sample code:

Perform the test

If you are vulnerable you will see the flash intro of buctuong.com while the address bar is http://www.microsoft.com/ If you have a very fast connection you may change my flash application to a larger one to make loading time take longer.

This spoofing technique discovered and proved by

Hai Nam Luke
K46A – NEU, Hanoi

0 Shares

Posted in: Exploits/Vulnerabilities

antitrust, IE, IE-exploit, internet-explorer, vulnerability

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,

April 30, 2022 - 30 Shares

CFRipper - CloudFormation Security Scanning & Audit Tool

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool

January 24, 2022 - 15 Shares

CredNinja - Test Credential Validity of Dumped Credentials or Hashes

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

January 5, 2022 - 20 Shares

assetfinder - Find Related Domains and Subdomains

assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.

December 30, 2021 - 16 Shares

Karkinos - Beginner Friendly Penetration Testing Tool

Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.

August 31, 2021 - 293 Shares

Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory

Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

July 7, 2021 - 205 Shares

The Tale of a Real Malaysian E-mail Spammer Exposed – Webflexx

AJAX: Is your application secure enough?

One Response to IE Address Bar Spoofing

Hungry Hacker July 11, 2008 at 7:09 am #

Hello darknet,
This is Hungry Hacker from the site mentioned above. I liked your website and I would like to perform link exchange with your website. If you are interested then reply me.
Regards,
Hungry Hacker.