Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?

From: Andrew Clover (and-bugtraq_at_doxdesk.com)
Date: 01/30/05

Next message: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"

Previous message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] [ GLSA 200501-41 ] TikiWiki: Arbitrary command execution"
In reply to: Paul Kurczaba: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Next in thread: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Reply: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 30 Jan 2005 18:23:37 +0900
To: full-disclosure@lists.netsys.com

Paul Kurczaba <seclists@securinews.com> wrote:

> After some research, I found the script "exploit(s) an
> Internet Explorer vulnerability resulting in Internet Explorer displaying
> one location in the Address bar, but actually loading the content from a
> different site."

Yep, this is a straight copy of my example posted here:

http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie

I have seen a few other phish in the wild using this exploit too.

I'm alarmed to see this still works in IE6SP2, as Microsoft fixed most
of the problem in one of the SP2 betas, by limiting createPopup windows
to the windows work area. Evidently they reversed the fix for the final
SP2 release. SP2 is safe from the issue where popups can appear over
dialogs, but it seems it is still vulnerable to spoofing everything
else. Great.

-- 
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdesk.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"

Previous message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] [ GLSA 200501-41 ] TikiWiki: Arbitrary command execution"
In reply to: Paul Kurczaba: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Next in thread: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Reply: Larry Seltzer: "RE: [Full-Disclosure] Is there a 0day vuln in this phisher's site?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: New install of winxp home.....
... Download the SP2 and all subsequent patches on another already secured ... Turn on "Automatic Updates" and create the following registry key to be ... If you are going to use Internet Explorer and Outlook Express: ...
(microsoft.public.security)
Re: Help on "right click" "save picture as"... only option is .bmp
... Download, unzip and merge the REG file, "JPE/JPG/JPEG Association Fix" ... Programs that may behave differently in WinXP SP2 ... Replies are posted only to the newsgroup for the benefit or other readers. ... In Internet Explorer, click Tools, and then click Internet ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: IE corrupted maybe
... Yes....you will need to uninstall the SP2 first in order to complete the ... Unable to Install Internet Explorer 6 on Windows XP ... How to reinstall or repair Internet Explorer and Outlook Express in Windows ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: "active content"
... I'm running Win XP SP2 and I had no trouble with the site at all. ... Description of the Internet Explorer Information Bar in Windows XP SP2 ... > JavaScript and embedded Flash files now don't work. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Folder opening on boot
... Internet Explorer v6.00 SP2 ... > HijackThis, run the program, save the results in a log file and post it here. ...
(microsoft.public.windowsxp.general)