I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location…
This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions.
Sample code:
If you are vulnerable you will see the flash intro of buctuong.com while the address bar is http://www.microsoft.com/ If you have a very fast connection you may change my flash application to a larger one to make loading time take longer.
This spoofing technique discovered and proved by
Hai Nam Luke
K46A – NEU, Hanoi
Hello darknet,
This is Hungry Hacker from the site mentioned above. I liked your website and I would like to perform link exchange with your website. If you are interested then reply me.
Regards,
Hungry Hacker.