Netscape Communicator code injection in JavaScript console using

From: Georgi Guninski (joroat_private)
Date: Sun Jun 06 1999 - 03:15:08 PDT

Next message: Georgi Guninski: "Netscape Communicator code injection in JavaScript console using"

Previous message: Walter Misar: "Re: weaknesses in dns label encoding"
Next in thread: Georgi Guninski: "Netscape Communicator code injection in JavaScript console using"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux (probably
all 4.x are affected), which allows sniffing URLs from another window.
The problem is the injection of JavaScript code in the JavaScript
console using the "view-source:" protocol.
Access to document.links is disallowed in NC 4.6, but the document may
be read using find().
For more information, examine the source.

Workaround: Disable Javascript.

Demonstration is available at: http://www.nat.bg/~joro/viewtrack.html

Regards,
Georgi Guninski
 http://www.nat.bg/~joro
 http://www.whitehats.com/guninski

Next message: Georgi Guninski: "Netscape Communicator code injection in JavaScript console using"
Previous message: Walter Misar: "Re: weaknesses in dns label encoding"
Next in thread: Georgi Guninski: "Netscape Communicator code injection in JavaScript console using"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:16 PDT