Printable View
a new pop-up hijack proof of concept popped up on secunia today (http://secunia.com/) and all the popular browsers are listed as being vulnerable. looks like someone can inject a frame into a target window if the window's name is known. as usual don't be an idiot playing with your money or doing anything important online
Helps to have the direct link to the vulnerability since Secunia lists many:
Interestingly enough, I tried it on my Mozilla and couldn't get either version to work. They say they have tested it on Mozilla 1.7.3 (which is what I have) but their sample tests didn't do anything. Anyone else get results?
I'm using a recent Nightly Build of the Mozilla Suite (Mozilla 1.8a6 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20041206") and the test works for me. that is: my browser is vulnerable.
I opened the "With Pop-up Blocker" link at this page and followed the instructions on that page (clicked on the button that's mentioned in step 1).
I got a popup with this message:EDIT: There seems to be a bug (?) in AntiOnline: the url gets aQuote:
The pop-up window you requested to open via the CitiBank web site is now controlled by Secunia.com.
after a number of characters. Remove it from the URL, otherwise you'll get forwarded to a 404-page. The last part of the URL should be: vulnerability_test/
Hey Hey,
I've played with it on IE 6.0.2900.2180.xpsp_sp2_rtm_040803-2158 and it's also vulnerable to it...
However I can definately confirm that lynx and links aren't vulnerable :) ... I guess the real browsers never really break.... Yet another reason why fancy GUIs and multiple windows are useless :P
Here's what I'm wondering... can we really call it a vulnerability? It's a serious of commands functioning exactly how they're supposed to.. It's really more of problem of someone having the time to think of this.... It's actually a series of legit commands... are we going to redefine standards and protocols so that target doesn't exist anymore?? I'm not sure I blame the browser vendors on this one.... The only real fix is to have each new browser window keep track of it's parent window and only allow actions to be passed to it from _parent and _self... Browsers are already big enough memory hogs.. I think this would only make that issue worse..
Peace,
HT
Secunia was able to take over a link on the website of a bank. If you don't want to call it a bug, call it at least a security defect :)
I got this information from another source today and tested on my XP SP2/IE 6.0.2900. I have Google toolbar installed, but the IE popup blocker worked, even though it is claimed to bypass it.
Not sure about Secunia's claims. They have been pretty sound in the past.