|
|
 |
| New User, Welcome! Login |
Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw
| From: |
Peter Watkins <peterw tux org> |
| To: |
Michal Zalewski <lcamtuf coredump cx> |
| Cc: |
Aditya K Sood <0kn0ck secniche org>, websecurity webappsec org, bugtraq securityfocus com |
| Subject: |
Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw |
| Date: |
Tue - Jan 05, 2010 02:49 PM |
On Tue, Jan 05, 2010 at 10:49:07AM -0800, Michal Zalewski wrote:
> > Video: http://www.secniche.org/videos/google_chrome_link_inj.html
>
> You might find it informative to review the section of BSH on URL parsing:
> http://code.google.com/p/browsersec/wiki/Part1#Uniform_Resource_Locators
Also, a considerable part of Aditya's concern seems to be the disconnect
between what the user sees in the Status Bar and the actual link target.
It's easy to conceal the link's URL on a page in which the attacker can embed
Javascript (e.g., on an attacker's Web site, but not in a well-designed
webmail system) with code like the following:
<a href="http://google.com/"
onClick="this.href='http://evil.example.com/';">Google</a>
99% of users would see google.com in the status bar, and even "visited"
link CSS treatment suggesting the link pointed to a page they've already
seen, making the link appear more trustworthy. This simple technique seems
to circumvent any browser settings regarding changing or hiding the status
bar text.
(Forgive my not digging up a reference for this approach -- surely someone
else has written about this technique already.)
-Peter
http://www.tux.org/~peterw/
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
