Secunia Research has discovered a vulnerability in various browsers, which can be exploited by malicious web sites to spoof dialog boxes. The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.
Here is a full summary of the attack:

- A standard anchor tag in some original page has http://www.victim.com in its HREF attribute. Clicking on it opens the link as normal, in a tab, new window, whatever.
- The anchor tag also has an ONCLICK attribute that runs some JavaScript when clicked.
- The JavaScript opens a very small attack window completely off the screen (varies with browsers).
- The page opened in attack can be located anywhere on the Internet. It has a reference to original (which called it) and gives original focus, thereby hiding attack from the user's view.
- attack uses a timer to wait some specified value. During this time http://www.victim.com finishes loading into normal. attack then opens a dialog box.
- If the user hasn't gone crazy switching windows, tabs, etc., normal should be the topmost window, with a dialog box from attack floating on it. attack is hidden off screen or under everything.
- Any info the user enters into this dialog can be processed by attack, since it spawned the box!

Acidus' Assessment: Cool, but not dangerous. You are very limited in JavaScript about the types of dialog boxes you can open for the user. None of them even remotely look like an authentication box, and only one input field can be on a dialog. To get a username and password you would have to pop 2 windows sequentially. Very suspect.
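The countermeasure the advisory implies, as an added example (not code from Secunia, Acidus or any browser): a toy model in which a script dialog is titled with the origin of the window that requested it, and is suppressed when that window is off screen or not focused. The window objects, the `display` size, attacker.example and all function names are assumptions made up for the illustration.

```javascript
// Added illustration: a toy model of how a browser could decide whether to
// show a script dialog and how to title it. All names are hypothetical.

// Origin label for the dialog title. Opaque origins (data:, about:blank, ...)
// serialize to "null" in the URL API, so they get an explicit label instead.
function originLabel(url) {
  let origin;
  try {
    origin = new URL(url).origin;
  } catch (e) {
    return "an unknown page";
  }
  return origin === "null" ? "an unidentified page" : origin;
}

// True when any part of the window rectangle overlaps the display.
function isOnScreen(win, display) {
  return win.left < display.width && win.top < display.height &&
         win.left + win.width > 0 && win.top + win.height > 0;
}

// Decide how to handle alert()/confirm()/prompt() requested by `caller`.
// `focused` is the window the user is currently looking at.
function dialogDecision(caller, focused, display) {
  const title = "The page at " + originLabel(caller.url) + " says:";
  if (!isOnScreen(caller, display)) {
    return { show: false, reason: "caller window is off screen", title };
  }
  if (caller !== focused) {
    return { show: false, reason: "caller window is not focused", title };
  }
  return { show: true, reason: "caller is the focused window", title };
}

// Constructed sample windows matching the scenario in the summary above.
const display = { width: 1280, height: 1024 };
const normal = { url: "http://www.victim.com/", left: 0, top: 0, width: 1024, height: 768 };
const attack = { url: "http://attacker.example/popup.html", left: 5000, top: 5000, width: 100, height: 100 };

console.log(dialogDecision(attack, normal, display)); // suppressed
console.log(dialogDecision(normal, normal, display)); // shown, titled with victim origin
```

Even if the dialog were shown, the title would name the requesting window's origin rather than the site loaded in the window underneath it.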