An interesting article on social engineering exploits. This was particularly interesting:
"While I was testing this, I noticed that the javascript: command in browser's address bar works only in Mozilla Firefox and Google Chrome (you can easily test this by writing javascript:alert("test") into the address bar), so the attack didn't work for Internet Explorer users (is that a first . (it wasn't
UPDATE: Thanks to all readers who sent an e-mail and those that posted the comments below - Giorgio was right, I tested it in a blank tab in IE and it works without any problems on a page. Now that I think about this attack, it makes it even scarier since the web page had about 100.000+ fans before it got shut down by Facebook!"
Who needs exploits when you have social engineering?
http://isc.sans.org/diary.html?storyid=8710
Updated quote: Internet Explorer executes the javascript when not on a blank tab.
Javascript in address bar
Last edited by Jim Too on Thu Apr 29, 2010 3:04 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a5pre) Gecko/20100429 Minefield/3.7a5pre Firefox/3.6
Re: Javascript in address bar
Something else going on as it sure does work in IE (8).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 SeaMonkey/2.0.4
- Giorgio Maone
- Site Admin
Re: Javascript in address bar
It works in Opera, as well.
The author of the article was probably trying on a blank tab, where it actually doesn't work.
IE8 fully supports this feature (which is useful in many contexts, including bookmarklet development and testing).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3