Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?

From: Andrew Clover (and-bugtraq_at_doxdesk.com)
Date: 01/31/05

    Date: Mon, 31 Jan 2005 12:12:40 +0900
    To: full-disclosure@lists.netsys.com
    
    

    Larry Seltzer <larry@larryseltzer.com> wrote:

    > this assumes the default placement of Address Bar if I'm not mistaken,
    > so if the user changes their toolbar layout the popup will give itself away,
    > correct?

    Correct. In my example I deliberately window.open()ed the target with
    fixed toolbar options, which helps a little; the attacks in the wild
    aren't bothering to do that, so it's more likely the URL popup will
    appear in the wrong place.

    [You can't change an existing window's options of course, but it would
    be possible to pop a new window then close the original. Theoretically
    IE disallows window.close() on top-level windows but that's easily
    avoided by assigning to window.opener.]

    I expect the tactic could be improved slightly by reading the screen
    position of the work area compared to the window outer area to guess the
    number of toolbars in use, or something. (One could probably even spoof
    the entire toolbar area and SSL padlock.) I couldn't be bothered myself,
    but believed a dedicated phisherman might put the effort in. However, it
    would seem that actually they're pretty lazy too.

    -- 
    Andrew Clover
    mailto:and@doxdesk.com
    http://www.doxdesk.com/
    
