Apple Safari Web Browser 1.x – HTML Form Status Bar Misrepresentation

Vulnerability ID 1054814 Vulnerability type
Published 2004-12-15 Updated 2004-12-15
CVE ID N/A
CNNVD-ID N/A
Platform OSX CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/24843
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Vulnerability exploit (EXP)
source: http://www.securityfocus.com/bid/11949/info

A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, so that vulnerable users can be misled into following a link to a malicious site.

The issue presents itself when an attacker creates an HTML form with the submit 'value' property set to a legitimate site and the 'action' property set to the attacker-specified site. The malicious form could also be embedded in a link using the HTML Anchor tag and specifying the legitimate site as the 'href' property. As a result, the attacker-supplied link would point to the legitimate site and the status bar would display the address of the legitimate site as well.

<form action="http://www.malicious.com/" method="get">
<a href="http://www.example.com/"><input type="image" src="http://images.example.com/title.gif"></a>
</form>
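
A defensive check for the pattern described above, as an added example that is not part of the original advisory: it scans markup for a submit control nested inside an anchor whose `href` host differs from the host of the enclosing form's `action`. The function and class names and the benign sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _is_submit(tag, a):
    if tag == "input":  # type="submit" and type="image" both submit the form
        return (a.get("type") or "").lower() in {"submit", "image"}
    # A <button> without a type attribute defaults to submit.
    return tag == "button" and (a.get("type") or "submit").lower() == "submit"

class FormLinkMismatchFinder(HTMLParser):
    """Hypothetical scanner: records (href shown to the user, real form action)."""
    def __init__(self):
        super().__init__()
        self.form_action = None   # action of the enclosing <form>, if any
        self.anchor_href = None   # href of the enclosing <a>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = a.get("action")
        elif tag == "a":
            self.anchor_href = a.get("href")
        elif _is_submit(tag, a) and self.form_action and self.anchor_href:
            shown, real = _host(self.anchor_href), _host(self.form_action)
            # Relative URLs carry no host and need the page's base URL, so skip them.
            if shown and real and shown != real:
                self.findings.append((self.anchor_href, self.form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None
        elif tag == "a":
            self.anchor_href = None

def find_mismatches(html):
    finder = FormLinkMismatchFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Markup from the advisory above, followed by a constructed benign form.
ADVISORY_SAMPLE = (
    '<form action="http://www.malicious.com/" method="get">'
    '<a href="http://www.example.com/"><input type="image" src="http://images.example.com/title.gif"></a>'
    '</form>')
BENIGN_SAMPLE = ('<form action="http://www.example.com/search">'
                 '<a href="http://www.example.com/"><input type="submit" value="Go"></a></form>')
```

Each finding pairs the address the status bar would display with the address the form actually submits to, which is the discrepancy a content filter or page review should report.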
