#Vulnerability: Address Bar Spoofing Vulnerability  
Product: DuckDuckGo  
Discovered by: Rafay Baloch and Muhammad Samak  
#Version: 7.64.4  
#Impact: Moderate  
#Company: Cyber Citadel  
DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"  
vulnerability due to mishandling of javaScript's function  
which is used to open a secondary browser window. This could be exploited  
by tricking the users into supplying senstive information such as  
username/passwords etc due to the fact that the address bar would display a  
legitimate URL, however it would be hosted on the attacker's page.  
*Proof of Concept (POC)*  
Following is the POC that could be used to reproduce the issue:  
function spoof(){  
document.body.innerHTML='This is not Google!';("This is not  
<input type="button" value="Run"  
The issue could be abused to carry out more effective phishing attacks  
against it's users.