
103 matches found

Kitploit
added 2017/11/09 8:39 p.m., 606 views

EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack

An unicode domain phishing generator for IDN Homograph Attack. VIDEO DEMO CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python evilurl.py PREREQUISITES python 2.7 TESTED ON Kali Linux - ROLLING EDITION Download EvilURL...

7.4 AI score
Exploits: 0, References: 1

ThreatPost
added 2017/10/13 11:59 a.m., 11 views

Google Busy Removing More Malicious Chrome Extensions from Web Store

Google scrambled this week to remove a malicious Chrome extension from its store and users’ machines after a popular Twitter account disclosed the issue publicly. The incident ramped up again one day later when the developers were able to get two other shady plugins past Google’s defenses before...

7 AI score
Exploits: 0, References: 6

Malwarebytes
added 2017/10/09 8:26 p.m., 42 views

A week in security (October 02 – October 08)

Last week, we gave you some tips for National Cybersecurity Awareness Month, walked through an exploration of a small adware file, and explored the complicated world of the Homograph attack. Here's what else happened in security. VB2017 Many of our team members attended VB2017 in Madrid, one of t...

6.7 AI score
Exploits: 0

Hacker One
added 2017/09/24 3:25 p.m., 97 views

HackerOne: Homograph fix Bypass

Hello Hackerone! I have possibly found a way to bypass your current Homograph Attack Fix. Lets look at two HACKERONE Redirect URL: CASE 1: https://hackerone.com/redirect?signature=829727b4188c43dcf394fd841fd19a8b7f391bd1&url=https%3A%2F%2Fwww.yelp.com%2F Got the above link generated by posting...

0.3 AI score
Exploits: 0

Hacker One
added 2017/09/17 5:42 a.m., 40 views

Brave Software: Homograph Attack Bypass [ Tested on Linux & Windows ]

Summary: at 175286 you has been patched, and i try it work, but i've another way to bypass it. when we add a site to our Homepage with @, it's not validate a url properly, make sure it's display the punycode. Products affected: Brave 0.18.36 Linux & Windows Steps To Reproduce: 1. In browser add...

Exploits: 0

Hacker One
added 2017/09/15 4:16 p.m., 31 views

GSA Bounty: Homo graphs attack

Hi there, Greeting for the day, hope you are doing good, In Federa localhost i found homograph attack, Here i made homograph for the ebay.com, when see this link its look like normal simple text link but no its not, however, when you click on this particular link you might be think that you are...

7 AI score
Exploits: 0

ThreatPost
added 2017/09/06 2:16 p.m., 19 views

IDN Homograph Attack Spreading Betabot Backdoor

An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor and ultimately infecting compromised machines with cryptocurrency-mining and data-stealing malware. Attacks using internationalized domain name homographs rely on users...

0.5 AI score
Exploits: 0, References: 3

seebug.org
added 2017/04/19 12:0 a.m., 14 views

Whole-script confusable domain label spoofing

Posted by Xudong Zheng Before I explain the details of the vulnerability, you should take a look at the proof-of-concept. Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. Fo...

6.7 AI score
Exploits: 0

The Hacker News
added 2017/04/17 3:17 a.m., 11 views

This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names...

6.6 AI score
Exploits: 0

Hacker One
added 2017/04/16 8:32 p.m., 26 views

Brave Software: homograph-attack (unicode vuln)

Hi team Summary: Affacted product appears identicaly different websites domains attacker uses unicode to register domains that look identical to real domains ,These fake domains can be used to fool users into signing into a fake website, thereby handing over their login credentials to an...

0.4 AI score
Exploits: 0

Hacker One
added 2016/10/12 4:25 a.m., 33 views

Brave Software: Homograph attack

Summary: when we add a site to our Homepage, it's not validate a url properly, make sure it's display the punycode. Products affected: Brave 0.12.4 Tested on mac os Steps To Reproduce: In browser add homepage with IDN http://ebаy.com/ now close and open browser again you can see it's redirect to...

0.1 AI score
Exploits: 0

Hacker One
added 2016/09/29 3:37 p.m., 38 views

Yelp: IDNs displayed in unicode in messages/about/talk sections (Homograph Attack)

Hello Yelp, Please refer https://en.wikipedia.org/wiki/Internationalizeddomainname to know more about IDNs. The IDN Internationalized Domain Name : http://ebаy.com/ is a homograph for the latin ebay.com. if you click that first link, you might think that you are going to ebay.com but in fact, you...

6.9 AI score
Exploits: 0

Hacker One
added 2016/06/10 12:34 a.m., 12 views

HackerOne: Homograph attack in escalate report

Hi There, i think i found issue lead to forced the victim user to open malicious site: http://ebаy.com/ please open this: http://ebаy.com/ after that you will see external link warning page and you will see the real site: http://xn--eby-7cd.com/ and that's the way you protected users from this...

6.9 AI score
Exploits: 0

Hacker One
added 2015/05/03 8:50 p.m., 35 views

HackerOne: Fake URL + Additional vectors for homograph attack

Hello! I would like to report about a new issue based on "@" character in URL. It shows user real URL but when he clicks "Proceed", he is redirected to another website. For example, it seems as normal HackerOne URL:...

0.3 AI score
Exploits: 0

Hacker One
added 2015/05/03 2:29 a.m., 60 views

HackerOne: Homograph attack

Hi, I would like to report an incomplete fix of 58612 is. In short, backslash is not taken in consideration. PoC \http://ebay.com http://ebay.com...

0.3 AI score
Exploits: 0

Hacker One
added 2015/05/03 2:26 a.m., 22 views

HackerOne: Homograph Attack

Hello HackerOne, Fix of Report 29491 and 58612 is incomplete. I found another way to replicate homograph attack using Hex Code: www.%00ebаy.com www.%01ebаy.com www.%02ebаy.com www.%03ebаy.com www.%04ebаy.com www.%05ebаy.com www.%06ebаy.com www.%07ebаy.com www.%08ebаy.com www.%0Bebаy.com...

1.7 AI score
Exploits: 0

Hacker One
added 2015/04/26 5:58 p.m., 22 views

HackerOne: Homograph attack

Hello! I would like to report that fix of report 29491 is incomplete. There is another way to reproduce homograph attack: or IDNs are displayed in unicode and there is no encoding into Punycode on external link warning page Thanks! - Matvejs...

1.5 AI score
Exploits: 0

Hacker One
added 2014/11/22 10:43 a.m., 14 views

X (Formerly Twitter): Homograph attack.

In the report 31193 cmiller said "Twitter does warn if the user tries to visit a malicious URL while passing through our t.co URL shortening service. Thanks!" URL redirection warning not given for punny code URL. ATTACK: I mainly envision using this as an attack against admins of programs that us...

7 AI score
Exploits: 0

Hacker One
added 2014/09/30 6:51 p.m., 85 views

HackerOne: homograph attack. IDNs displayed in unicode in bug reports and on external link warning page

the IDN: http://ebаy.com/ is a homograph for the latin ebay.com. if you click that first link, you might think that you are going to ebay.com. in fact, you are going to a homograph url http://xn--eby-7cd.com/ more info http://www.chromium.org/developers/design-documents/idn-in-google-chrome more...

1.1 AI score
Exploits: 0

NVD
added 2009/02/20 7:30 p.m., 18 views

CVE-2009-0652

The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...

5.8 CVSS, 6.4 AI score, 0.01497 EPSS
Exploits: 0, References: 23