Dear bugtraq readers,

The JavaScript code posted before raised a lot of questions. Below you'll find some answers.

Q: Does the page have to get a visitor to click a link for the script to run?

A: The script can be started like any other script (just insert it into the HTML and that's all). It doesn't require any interaction with visitors. On my Tools-On.Net site the click just leads you to one of the tools that displays the information about the visitor (to make the demonstration more complete).

Q: How does it work? Is alert() safe?

A: Alert() is safe. But the code can include any other instruction as well. The JavaScript on the demo page just checks if the URL is "chained" and then changes document.location to the same page but without anonymizing.

NOTE: the verification is needed only because the location will be changed to the _same_ page. This step (checking the current document.location) can be skipped if the site redirects the user to a different page.

Q: Does SafeWEB.com have the same issues?

A: I had a look at SafeWeb today. Since it uses a different approach to isolate dangerous JavaScript instructions, the demo code won't work. SafeWeb doesn't let the script verify if the URL is chained and correctly intercepts any attempts to change document.location or issue the location.replace function.

But the answer is ... "yes". To let the demo script verify the original URL we'll have to override the fugunet_fixloc function. Then, to redirect the current frame to an unsecure location we can use the "assign" method.

The current "redirect" demo is available at:
http://tools-on.net/privacy.shtml
(click on the "Go" button below "Holmes/Who" and look at the report)

You can also use a direct (temp.) link to the "Who" tool:
http://tools-on.net/privacy.shtml?o=who&t=4557701001675&

The demo works for Anonymizer as well as for SafeWeb.

Best regards,
Alexander
----------------------------------------------------------------------
MCP+I, MCSE
http://Tools-On.Net - Free tools for connected people.
http://Leader.Ru - Leader's Smart Guide.
----------------------------------------------------------------------
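Added example, not part of the original post and not code from SafeWeb or Anonymizer: a small audit a rewriting proxy's maintainer could run over page script to see which navigation sinks a two-entry interception list (location assignment and location.replace, as the post describes) would miss, and whether the page redefines a guard function. The regexes, the extra location.href entry, the function names and the sample script are assumptions made for illustration; only the name fugunet_fixloc comes from the post.

```javascript
// Regex matching is a simplification; a production rewriter needs a JS parser.

// Sinks the post says were intercepted (patterns are assumed, not SafeWeb's).
const INTERCEPTED_PER_POST = {
  "location=": /\blocation\s*=(?!=)/,
  "location.replace": /\blocation\s*\.\s*replace\s*\(/,
};

// Fuller list: adds the method the post names as the gap, plus location.href
// (the href entry is a generalization added here).
const FULL_SINKS = {
  ...INTERCEPTED_PER_POST,
  "location.assign": /\blocation\s*\.\s*assign\s*\(/,
  "location.href=": /\blocation\s*\.\s*href\s*=(?!=)/,
};

// Names of the sinks from `sinks` that appear in `source`.
function findSinks(source, sinks) {
  return Object.keys(sinks).filter((name) => sinks[name].test(source));
}

// Guard functions that the page script declares or reassigns itself.
function findGuardOverrides(source, guardNames) {
  return guardNames.filter((g) => {
    const esc = g.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    const re = new RegExp(`\\bfunction\\s+${esc}\\s*\\(|\\b${esc}\\s*=(?!=)`);
    return re.test(source);
  });
}

// Full report for one script: every sink, the ones the short list misses,
// and any guard overrides.
function audit(source, guardNames) {
  const covered = findSinks(source, INTERCEPTED_PER_POST);
  const all = findSinks(source, FULL_SINKS);
  return {
    sinks: all,
    missedByShortList: all.filter((s) => !covered.includes(s)),
    guardOverrides: findGuardOverrides(source, guardNames),
  };
}

// Constructed sample page script (hypothetical, bodies left as placeholders).
const SAMPLE = `
function fugunet_fixloc() { /* page-supplied body */ }
if (document.location == expected) { /* comparison, not a sink */ }
window.location.assign("http://example.invalid/");
`;

console.log(audit(SAMPLE, ["fugunet_fixloc"]));
```

A script that trips either missedByShortList or guardOverrides is one the rewriter should refuse or wrap before serving it.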
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 13:16:25 PDT