Navigation



IE Address Bar Spoofing

Last updated: July 21, 2010 | 9,881 views


I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location…

This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions.
Sample code:


Perform the test

If you are vulnerable you will see the flash intro of buctuong.com while the address bar is http://www.microsoft.com/ If you have a very fast connection you may change my flash application to a larger one to make loading time take longer.

This spoofing technique discovered and proved by

Hai Nam Luke
K46A – NEU, Hanoi

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares
Posted in: Exploits/Vulnerabilities

, , , ,


Latest Posts:


Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
March 29, 2020 - 116 Shares
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
March 24, 2020 - 101 Shares
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
February 27, 2020 - 556 Shares
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
February 19, 2020 - 243 Shares
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
February 14, 2020 - 297 Shares
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
February 10, 2020 - 253 Shares


One Response to IE Address Bar Spoofing

  1. Hungry Hacker July 11, 2008 at 7:09 am #

    Hello darknet,
    This is Hungry Hacker from the site mentioned above. I liked your website and I would like to perform link exchange with your website. If you are interested then reply me.
    Regards,
    Hungry Hacker.