Ruzivo rwakaburitswa nezve nzira ye phishing inobvumira mushandisi kugadzira manyepo ekushanda nechimiro chechokwadi chechokwadi nekugadzirisa zvakare browser interface munzvimbo inoratidzwa pamusoro pehwindo razvino uchishandisa iframe. Kana vapanduki vekare vakaedza kunyengedza mushandisi nekunyoresa madomain ane zviperengo zvakafanana kana manipulating paramita muURL, wobva washandisa nzira yakarongwa uchishandisa HTML neCSS, zvinhu zvinodhirowewa kumusoro kwehwindo rinobuda iro rinoteedzera browser interface, kusanganisira. musoro une mabhatani ekudzora hwindo uye kero bar , iyo inosanganisira kero isiri iyo chaiyo kero yezviri mukati.
Tichifunga kuti masaiti mazhinji anoshandisa mafomu echokwadi kuburikidza nevechitatu-bato masevhisi anotsigira OAuth protocol, uye mafomu aya anoratidzwa mune yakaparadzana hwindo, kugadzira yekunyepedzera browser interface inogona kutsausa kunyangwe mushandisi ane ruzivo uye anoteerera. Iyo nzira yakatsanangurwa, semuenzaniso, inogona kushandiswa pane yakabiwa kana isina kukodzera masaiti kuunganidza mushandisi password data.
Mumwe muongorori akakwevera kutarisa kune dambudziko akaburitsa yakagadzirira-yakagadzirwa seti yekuteedzera iyo Chrome interface mune yakasviba uye akareruka tema eMacOS neWindows. Iwindo repop-up rinogadzirwa uchishandisa iframe inoratidzwa pamusoro pezviri mukati. Kuwedzera realism, JavaScript inoshandiswa kusunga zvibatiso zvinokutendera kuti ufambise dummy hwindo uye tinya pamabhatani ekudzora hwindo.
Source: opennet.ru