Go beyond the impossible!

Follow me on Twitter RSS Feeds

Home
About
IRC
Download
MySQL
PostgreSQL

Social Engineering

Social Engineering Link

Mar 29th

Posted by Fredrik Nordberg Almroth in Social Engineering

Well, eventully, i started play around with some JS.

I suppose this method is rather old, but i havn’t seen it around (strangely)..

The exploit is a simple javascript “onclick” event on an “<a>” tag, which changes the “href” value to another site.

<a href=”http://www.good.com” id=”s”

onclick=”document.getElementById(’s’).href=’http://www.evil.com’;”>

http://www.good.com</a>

And here’s the proof of concept: http://www.good.com enjoy!

.Net (3)

Classics (1)

Computer Security (7)

Documentation (6)

Network Security (2)

Nostalgia (1)

Pointless (2)

Social Engineering (1)

Theory (5)

Web Security (14)
April 2010 (19)

March 2010 (5)
Social Engineering Link (3)

Flag execution for easy local privilege escalation (3)

Stack Exhaustion in WebKit.dll – Safari. (3)

180.js (2)

PHP safe_mod Bypasses & Code Execution (2)

Local File Inclusion (2)

Windows Vista – Remote DoS. (1)

carrot.exe (1)

Vista SYN-Flood – BSoD (1)

HTC Hero & Nokia N82 – Overflow(s)? (1)
Search
Our latest tweets

Loading tweets...

Follow me on Twitter!

Freedom means choosing your burden
Copyright © 2010 Ack Ack