[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Safari vulnerable to URL spoofing
From:       Gilbert Verdian <gverdian () neoresearch ! org>
Date:       2004-10-31 14:21:35
Message-ID: 2BB5E177-2B48-11D9-A9F4-000A95A012EE () neoresearch ! org
[Download RAW message or body]

Following the discovery by Benjamin Tobias Franz for spoofing URLs in 
IE by using tables within links.

http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt

It is possible to spoof URLs under OS X in the latest Safari browser 
1.2.3 (v125.9) by using the same method.
Ironically, this does not work with Internet Explorer on OS X version 
5.2.3 (5815.1).

Tested on OS X 10.3.5 (build 7M34) with latest software update.

Further details and example at 
http://www.neoresearch.org/[neo]safari_url_spoof.html

regards,

Gilbert Verdian
neoresearch.org

[prev in list] [next in list] [prev in thread] [next in thread]