#Vulnerability: Address Bar Spoofing Vulnerability
Discovered by: Rafay Baloch and Muhammad Samak
#Company: Cyber Citadel
DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"
which is used to open a secondary browser window. This could be exploited
by tricking the users into supplying senstive information such as
username/passwords etc due to the fact that the address bar would display a
legitimate URL, however it would be hosted on the attacker's page.
*Proof of Concept (POC)*
Following is the POC that could be used to reproduce the issue:
document.body.innerHTML='This is not Google!';("This is not google.com
<input type="button" value="Run"
The issue could be abused to carry out more effective phishing attacks
against it's users.