Date: Thu, 25 Mar 1999 20:07:52 +0200 From: Georgi Guninski To: BUGTRAQ@netspace.org Subject: Netscape Communicator 4.51 allows sniffing of URLs from another window There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT (probably others?), which allows sniffing URLs from another window. The exploit uses the ability to execute JavaScript code from specially designed URLs in the javascript console window, when an error is deliberately invoked. Demonstration and source is available at: http://www.nat.bg/~joro/b11.html (The exploit does not work if you are behind some versions of a squid proxy. If you do not see your URL in a message box, try reloading the main page). Workaround: Disable JavaScript. Regards, Georgi Guninski ----------Demonstration and source---------- http://www.nat.bg/~joro/b11.html -------------------------------------------- Control window -------------------------------------------- http://www.nat.bg/~joro/b11main.html -------------------------------------------- Control Window There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT (probably others?), which allows sniffing URLs from another window.
This page tracks the URLs the user visits in another window.
Enter your URL in the 'Tracked window'. Wait until the document is loaded, then click 'Show URL'.
This exploit needs Javascript enabled.
Workaround: Disable Javascript.
Written by Georgi Guninski