Some of you might remember that on the Links tab of NXSeal (my old website), I made use of an Internet Explorer flaw that could spoof (read: fake) a visit to www.uottawa.ca, displaying that URL in the address bar when in fact it sent you elsewhere (a humorous “UVE B33N H4CKZoRZ” page). Since then, Microsoft has fixed the problem. But now there’s a new flaw with similar characteristics, though it takes a completely different approach. Unlike the previous flaw, however, once you are at the target page, the address bar displays the correct URL. Either way, this easily implemented flaw does spoof the status bar’s initial response to the URL, as I’ll demonstrate:
http://www.microsoft.com
It says that you’re at microsoft.com, when in fact you’ll be brought over to Google’s site. Note that the double underline under the above link is only a result of the conflicting CSS code on this page.