BugTraq
Konqueror: URL address bar spoofing vulnerabilities Aug 06 2007 09:44PM
Robert Swiecki (jagger swiecki net) (2 replies)

There are vulnerabilities in Konqueror that allow an attacker to
spoof the URL adddress bar.

The first example uses setInterval() call with relatively small interval
value (e.g. 0) to change window.location property. A browser is
entrapped within the attacking web site while the user thinks that
browser actually left the page.

http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to
recent changes in Safari code (vide
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to
conduct a successful attack - URL address bat content changes so
frequently so the attack is revealed to the user (variants of attack are
currently under investigation).

The second one is based on the http URI scheme which allows embedding
user/password parameters into it, i.e. http://user:password (at) domain (dot) com. [email concealed]
Such parameters can contain whitespaces, so the attack vector is quite
obvious.

http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6

The snapshot from my dekstop:
http://alt.swiecki.net/konq3.png

--
Robert Swiecki

[ reply ]
Re: Konqueror: URL address bar spoofing vulnerabilities Aug 06 2007 11:29PM
paraw (paraw yahoo it) (1 replies)
Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities Aug 07 2007 05:13AM
Robert Swiecki (jagger swiecki net) (1 replies)
Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities Aug 07 2007 08:58PM
Patrick Nagel (mail patrick-nagel net)
Re: Konqueror: URL address bar spoofingvulnerabilities Aug 06 2007 10:37PM
Jonathan Smith (smithj rpath com) (1 replies)
Re: [Full-disclosure] Konqueror: URL address barspoofingvulnerabilities Aug 06 2007 11:33PM
Jonathan Smith (smithj rpath com)


 

Privacy Statement
Copyright 2010, SecurityFocus