View Full Version : how to <>< in 0d10
SippieCup
05-26-2010, 08:54 PM
http://avivraff.com/research/phish/article.php?1525779698
pretty insane.
SippieCup
05-26-2010, 08:56 PM
also runs regardless of noscript.
keith
05-26-2010, 09:05 PM
thats crazy
Ryan Rohypnol
05-26-2010, 09:06 PM
Now you're makin a nigga pay attention.
hardcore
05-26-2010, 09:07 PM
shits legit as hell.
seedleSs
05-26-2010, 10:28 PM
tabnabbin' lolol
rob-beatz
05-26-2010, 10:45 PM
the tabnabber tabernacle praises Him
Kobal
05-26-2010, 11:07 PM
thats dope as fuck
wow
super legit.... also scary as i usually have 8+tabs open at all times
Royalty
05-27-2010, 12:47 AM
wow
super legit.... also scary as i usually have 8+tabs open at all times
This.
I could so get phished with a little javascript spoofing too.
craig
05-27-2010, 12:59 AM
sick as fuck
zeekyhbomb
05-27-2010, 01:39 AM
niggas gon get raped
and i thought i had seen leet phishers lol
just caught that on ajaxian today. wonder how they are gonna fix this one.
sKinym3
05-27-2010, 03:16 AM
i swear this news is a week old??? either way its very impressive
Royalty
05-27-2010, 03:34 AM
I can't believe that someone who works on the firefox team seems so oblivious to URL spoofing, and I expected at least ONE user to make a comment about it and nobody did. Really amazing how people so intelligent can simultaneously seem so clueless.
retro 8
05-27-2010, 03:37 AM
pretty good exploit, but if i see a random gmail or fb login tab I'm gonna be suspicions, because the only time I need to log in is when I restart my computer.
hat uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself,
This wouldn't work for me because the page they made has mac style buttons on it. But it would seem possible to tell OS then give page accordingly.
SippieCup
05-27-2010, 10:50 AM
This wouldn't work for me because the page they made has mac style buttons on it. But it would seem possible to tell OS then give page accordingly.
dude those mac buttons are done by the browser, thats a screenshot to show the <>< but not actually phish anyone.
craig
05-27-2010, 12:29 PM
this wouldn't work on me though
because i don't type or paste in my passwords
dropcode
05-27-2010, 12:38 PM
I can't believe that someone who works on the firefox team seems so oblivious to URL spoofing, and I expected at least ONE user to make a comment about it and nobody did. Really amazing how people so intelligent can simultaneously seem so clueless.
I guess it depends what you mean by URL spoofing. If you're talking about status bar cloaking (onclick="this.href='http...) He doesn't really even talk about that. If you're talking about address bar masking, thats really sort of rare. Its rarely possible, infact the only buzz surrounding address bar masking atm is michael zalewski's claim that he has something that he's not releasing till there's a vendor patch.
address bar spoofing in Firefox and Safari (April 2010)
http://lcamtuf.coredump.cx/
craig
05-27-2010, 01:29 PM
newest version of noscript protects against tabnabbing
Royalty
05-27-2010, 01:34 PM
I guess it depends what you mean by URL spoofing. If you're talking about status bar cloaking (onclick="this.href='http...) He doesn't really even talk about that. If you're talking about address bar masking, thats really sort of rare. Its rarely possible, infact the only buzz surrounding address bar masking atm is michael zalewski's claim that he has something that he's not releasing till there's a vendor patch.
http://lcamtuf.coredump.cx/
<html>
<head>
<title>
</title>
</head>
<script language="JavaScript">
window.status='Opening Page [YOURFAKELINK]';
s="<embed src='[YOURREALLINK]' width='2' height='2'></embed><META HTTP-EQUIV='Refresh' CONTENT='0;url=[YOURFAKELINK]'>";
document.write(s);
</script>
</html>
Royalty
05-27-2010, 01:37 PM
<html>
<head>
<title>
</title>
</head>
<script language="JavaScript">
window.status='Opening Page [YOURFAKELINK]';
s="<embed src='[YOURREALLINK]' width='2' height='2'></embed><META HTTP-EQUIV='Refresh' CONTENT='0;url=[YOURFAKELINK]'>";
document.write(s);
</script>
</html>
don't quote me on this but last I checked this worked. Not sure it's been a while since I used it.
doLawN
05-27-2010, 01:52 PM
tabnabbing
Aww come on, we can come up with something better than his suggestions of the concept.
TerrorTabs! lmao
idk.. shit is leet tho
dropcode
05-29-2010, 08:54 PM
don't quote me on this but last I checked this worked. Not sure it's been a while since I used it.
This hasn't been possible for a very long time. It does work in opera but tahts it.
http://www.w3schools.com/jsref/prop_win_status.asp
you CAN circumvent this protection with this simple trick
<a href="http://www.paypal.com" onclick="this.href='http://www.evil.com'">PAYPAL!</a>
but regardless, he wasn't talking about this at all. He was talking about the address bar.
craig
05-29-2010, 09:09 PM
Aww come on, we can come up with something better than his suggestions of the concept.
TerrorTabs! lmao
idk.. shit is leet tho
that's what it's called though
reference article
BayouSouth
05-29-2010, 10:15 PM
wow
super legit.... also scary as i usually have 8+tabs open at all times
8+ tabs ? lol, I always have minimum of 60+ open at all times. Hell, I know thats why my shit uses over 800k mem
lobeitcher
05-29-2010, 10:27 PM
As soon as I read the part about gmail the page switched to the fake gmail login. Creepy but awesome.
hobotron
05-29-2010, 11:27 PM
shits tight
awful
05-29-2010, 11:28 PM
posting in a gay thread
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.