Navigation

IE Address Bar Spoofing

April 4, 2006 | 9,857 views

I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location…

This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions.
Sample code:

Perform the test

If you are vulnerable you will see the flash intro of buctuong.com while the address bar is http://www.microsoft.com/ If you have a very fast connection you may change my flash application to a larger one to make loading time take longer.

This spoofing technique discovered and proved by

Hai Nam Luke
K46A – NEU, Hanoi

Shares 0

Posted in: Exploits/Vulnerabilities

antitrust, browser-spoof, IE, IE-exploit, internet-explorer, spoof, vulnerability

Recent in Exploits/Vulnerabilities:
- WannaCry Ransomware Foiled By Domain Killswitch
- Intel Finally Patches Critical AMT Bug (Kinda)
- Shadow Brokers Release Dangerous NSA Hacking Tools

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 238,084 views
- AJAX: Is your application secure enough? - 120,649 views
- eEye Launches 0-Day Exploit Tracker - 86,220 views

The Tale of a Real Malaysian E-mail Spammer Exposed – Webflexx

AJAX: Is your application secure enough?

One Response to IE Address Bar Spoofing

Hungry Hacker July 11, 2008 at 7:09 am #

Hello darknet,
This is Hungry Hacker from the site mentioned above. I liked your website and I would like to perform link exchange with your website. If you are interested then reply me.
Regards,
Hungry Hacker.