Social Engineering Link

Well, eventully, i started play around with some JS.

I suppose this method is rather old, but i havn’t seen it around (strangely)..

The exploit is a simple javascript “onclick” event on an “<a>” tag, which changes the “href” value to another site.

<a href=”http://www.good.com” onclick=”this.href=’http://www.evil.com’;”>

http://www.good.com

And here’s the proof of concept: http://www.good.com enjoy!