Post subject: MSIE browser entrapment vulnerability.        Posted: Fri Jul 20, 2007 3:18 am
There is an entertaining yet somewhat frightening vulnerability in
Microsoft Internet Explorer 7 and possibly other browsers.
The flaw is a combination of a boneheaded Javascript onUnload handler
design in many browsers that effectively allows a malicious page to
prevent the visitor from leaving the site, and a flawed method of handling
transitions between pages.
This enables the attacker not only to trap a visitor, but also pretend that
his attempt to navigate to an unrelated webpage was successful - which
enables all sorts of spoofing and phishing attacks.

To test for the vulnerability, simply try manually navigating to
google.com, cnn.com, slashdot.org, or some other site of your choice.
You need to have Javascript enabled.

A live demo is available here

After clicking the "begin" button, a new window/tab opens; go back to the
previous one and look at it. Your system could crash if unstopped.
Just hit the back button several times to stop it.
Bear in mind, this is a vulnerability that could be exploited.
Most hackers are opportunists, and this is yet another hole.

Source 1
Source 2


Posted: Fri Jul 20, 2007 3:46 am
My system started to slow down until I closed the tab... Man, it even works in Firefox...

_________________
Old-Computer
BetaArchive VIP | Ex-OSBA Member


Posted: Fri Jul 20, 2007 4:45 am
I'm using the latest version of Firefox on Windows 2000, with a fairly outdated system, and I didn't notice any slowdowns at all.

_________________
Mozilla/5.0 (Macintosh; U; PPC; en-US; mimic; rv:9.3.2) Clecko/20120101 Classilla/CFM
"Stupid can opener! You killed my father, and now you've come back for me!"


Posted: Fri Jul 20, 2007 4:49 am
Camino here. I didn't notice any slowdown either. However, I was able to back out of that page after clicking two times.


Posted: Fri Jul 20, 2007 6:49 am
I didn't encounter any problems, and I could get out easily. I'm using SeaMonkey 1.1.2 on XP MCE2005 (up to date).

_________________
BuildFeed - the ultimate collaborative NT build list - Windows Longhorn - a look at a defining Microsoft project


Posted: Sat Jul 21, 2007 3:30 am
Remember lads it's an IE7 glitch, not 6 or whatever else, however I
have seen reports of the problem appearing in other browsers if IE7
was installed on the same system...


Posted: Sat Jul 21, 2007 11:03 am
it works in firefox too, kinda
just hit back once and it stopped...
or just close the tab...

didn't slow anything down

_________________

If you're havin' IE problems, I feel bad for you, son - I got 99 problems but a browser ain't one. - DJ Danger Mime




Posted: Wed Jul 25, 2007 11:46 am
Didn't even faze the greatest browser on earth (Opera 9), even on a dial-up connection.

_________________
http://ubuntu.com
^Ubuntu 8. New installer. Why the heck didn't they do this years ago?


Posted: Thu Sep 27, 2007 11:28 pm
ZSS9393 wrote:
Didn't even faze the greatest browser on earth (Opera 9), even on a dial-up connection.

Opera used to be a good browser before 2003. Nowadays it's the slowest browser you can get, because it's overloaded with [censored]. But at least it has fewer vulnerabilities than IE and FIREFOX.

_________________
:::::: http://www.imagegather.com Your Ultimate Photo Source! ::::::


Posted: Fri Sep 28, 2007 3:09 am
nfinitegpu wrote:
Opera used to be a good browser before 2003. Nowadays it's the slowest browser you can get, because it's overloaded with s**t. But at least it has fewer vulnerabilities than IE and FIREFOX.

Thank you for that insightful and well-balanced comment on Opera's speed and features.
I hope to read more of your posts soon!

_________________
Let's sperg about hardware
E6410 - i5-560m, 8GB, WXGA+, NVS 3100M, Samsung SSD 830 128GB, WWAN, 9-cell, E-Port Plus Replicator
Desktop - i5-2500k (4.3 GHz TB), 8 GB, HD6950 2GB, 2x24" 1080p, Samsung SSD 830 128GB + 2 TB stripe, Xonar D2X

