July 12th, 2002, 12:37 AM
question about IE allows universal Cross Domain Scripting
Ok here is the code that does it:
You can also use this exploit for Elevating privileges, arbitrary command execution, local file reading,stealing arbitrary cookies, etc.
<object id="data" data="empty.html" type="text/html"></object>
ref.location.href = "http://www.antionline.com";
I tried the code to read a different cookie beside AO and it showed me my username and encrypted password. Ok scary, but my real question is what good is this if it shows on my screen. How do the webmasters or email authors get the information if it is shown on the persons computer who reads the mail or views the page?
Violence breeds violence
we need a world court
not a republican with his hands covered in oil and military hardware lecturing us on world security!