httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gdwfkd@gmail.com" <gdw...@gmail.com>
Subject [users@httpd] Spoofing URLs in the address bar
Date Wed, 15 Nov 2006 19:14:14 GMT
Is it possible to display a different URL than the actual site that the
browser is contacting in the address portion of a browser?  I had thought
the only options for the URL were either the actual site, or the proxy
server site in the instance where you are using a proxy.

I'm asking this as a security question.  If a user gets an email and clicks
on a link (the HREF can say anything it wants), is it possible to have the
browser show http://www.citibank.com in the address bar when it's really
connected to some Chinese malware site?

I know that there are exploits out there for IE, but lets assume I've got
fully patched IE or Firefox and that we don't have some bizarre DNS tainting
or the like going on.

Mime
View raw message