Re: [users@httpd] Spoofing URLs in the address bar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 11:14 AM 11/15/2006, you wrote:
Is it possible to display a different URL than the actual site that the browser is contacting in the address portion of a browser? I had thought the only options for the URL were either the actual site, or the proxy server site in the instance where you are using a proxy.

I'm asking this as a security question. If a user gets an email and clicks on a link (the HREF can say anything it wants), is it possible to have the browser show <http://www.citibank.com>http://www.citibank.com in the address bar when it's really connected to some Chinese malware site?

I know that there are exploits out there for IE, but lets assume I've got fully patched IE or Firefox and that we don't have some bizarre DNS tainting or the like going on.

There's a 'trick' if you will that LOOKS like a address bar.

basically some Java script that makes the browser go to full screen, then basically has a JPG / GIF on top of a fake address bar.

Or even java script that 'looks' like the address bar, and is clickable.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux