Filed under: Exploits, Phishing, XSS
posted by D1m on 15 Mar 2007 09:56 am
Internet Explorer 7: Phishing Using Local Resource Vulnerability
Aviv Raff has published on his blog an interesting proof of concept for a vulnerability affecting Internet Explorer 7: a cross-site scripting flaw in the navcancl.htm local resource.
This resource is called when navigation to a page has been canceled. It displays an error message with a link to reload the current page; however, the link is not filtered before being used (successful exploitation requires the user to click on the link). The researcher also explains that the browser does not show the local resource in the URL when it is called. This design flaw can thus be combined with the XSS vulnerability to conduct very dangerous phishing attacks.
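The root cause described above is a link target taken from untrusted input and used without filtering. As an added example (not code from the original post or from Internet Explorer), this JavaScript shows how an error page can check a reload target against a scheme allowlist before rendering the link; the function names and sample URLs are assumptions.

```javascript
// Added example: hardened construction of a "reload this page" link on an
// error page. All names are hypothetical; this is not navcancl.htm's code.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a normalized absolute URL when the untrusted value is safe to use
// as a link target, otherwise null.
function safeReloadTarget(untrusted) {
  if (typeof untrusted !== 'string') return null;
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding whitespace, removes embedded
    // tab/newline characters and lowercases the scheme, so obfuscated
    // schemes are normalized before the allowlist check.
    parsed = new URL(untrusted);
  } catch (e) {
    return null; // relative or malformed input is rejected
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href;
}

// Escapes characters that are significant inside an HTML attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the reload link, falling back to plain text when the target is
// rejected, so the page never emits a link with an unvetted scheme.
function renderReloadLink(untrusted) {
  const target = safeReloadTarget(untrusted);
  if (target === null) return '<span>Reload the page</span>';
  return '<a href="' + escapeHtml(target) + '">Reload the page</a>';
}
```

The check runs on the parsed URL rather than on the raw string, which is what makes case changes and whitespace tricks in the scheme ineffective.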
A PoC is available on Aviv Raff’s website:
http://www.raffon.net/research/ms/ie/navcancl/cnn.html
For those who do not have Internet Explorer 7, a video is also provided:
http://raffon.net/videos/ie7navcancl.wmv
Original News #1: http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx by Aviv Raff
Original News #2: http://www.xssed.com/news/23/IE7_users_beware_of_Navigation_Canceled_errors/ by Kevin Fernandez