BugTraq
Back to list
|
Post reply
fake location bar
May 13 2003 11:56AM
Liu Die Yu (liudieyuinchina yahoo com cn)
fake location bar
("that's all" is end of file if you are in a hurry)
[tested]
Browser Ver:"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2)
Gecko/20030208 Netscape/7.02 "
OS Ver: "Windows XP Cn ver"
[demo]
http://liudieyuinchina.vip.sina.com/NSNVBackFake/NSNVBackFake-MyPage.htm
[screenshot]
http://liudieyuinchina.vip.sina.com/NSNVBackFake/NSNVBackFake-
Screenshot.htm
[exp]
you open
[CODE.URL]javascript:'some text'
in a new window.
then navigate that window to 'http://www.google.com'.
at last, "history.back()" to make it back to 'some text'.
as you can see in the demo:
location bar is faked.
that's all
[how]
i often check netscape navigator's version by
menu item: "Help" --> "About Netscape",
which navigates my browser to "about:".
after checking it, i navigated to another URL. accidently i
pressed "Back", then the location bar didn't match content.
after several mechanical tries, i got this.
[Krade Internal Test]
i am developing a new plugin for Internet Explorer:
http://liudieyuinchina.vip.sina.com/KradeInternalTest
it's a BHO(browser helper object) enhancing web surfing.
i'll try my best to realize requested features sent to me. so feel free to
request features.
[greetings]
after gean discarded me, life is becoming harder and harder. i would like
to thank the following people who continuously help me:
the pull
dror (www.SafeCenter.net)
and always: mom& dad.
in the very end: thanx for reading, all readers.
best wishes
-----
if you can't access resources mentioned in this document, try:
http://umbrella.mx.tc
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
fake location bar
("that's all" is end of file if you are in a hurry)
[tested]
Browser Ver:"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2)
Gecko/20030208 Netscape/7.02 "
OS Ver: "Windows XP Cn ver"
[demo]
http://liudieyuinchina.vip.sina.com/NSNVBackFake/NSNVBackFake-MyPage.htm
[screenshot]
http://liudieyuinchina.vip.sina.com/NSNVBackFake/NSNVBackFake-
Screenshot.htm
[exp]
you open
[CODE.URL]javascript:'some text'
in a new window.
then navigate that window to 'http://www.google.com'.
at last, "history.back()" to make it back to 'some text'.
as you can see in the demo:
location bar is faked.
that's all
[how]
i often check netscape navigator's version by
menu item: "Help" --> "About Netscape",
which navigates my browser to "about:".
after checking it, i navigated to another URL. accidently i
pressed "Back", then the location bar didn't match content.
after several mechanical tries, i got this.
[Krade Internal Test]
i am developing a new plugin for Internet Explorer:
http://liudieyuinchina.vip.sina.com/KradeInternalTest
it's a BHO(browser helper object) enhancing web surfing.
i'll try my best to realize requested features sent to me. so feel free to
request features.
[greetings]
after gean discarded me, life is becoming harder and harder. i would like
to thank the following people who continuously help me:
the pull
dror (www.SafeCenter.net)
and always: mom& dad.
in the very end: thanx for reading, all readers.
best wishes
-----
if you can't access resources mentioned in this document, try:
http://umbrella.mx.tc
[ reply ]