bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/22784.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

13 lines
No EOL
766 B
Text
Raw Blame History

source: https://www.securityfocus.com/bid/7939/info
An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages also known as "Friendly HTTP error messages".
Due to some errors when extracting URLs from the custom error pages, it is possible to cause IE to output malicious HTML code.
Exploitation may allow theft of cookie-based authentication credentials or other attacks.
res://shdoclc.dll/HTTP_501.htm#javascript:%2f*://*%2falert(location.href)/
"Marek Blahus" <marek@blahus.cz> also provided an additional proof-of-concept example:
res://shdoclc.dll/http_404.htm#javascript:alert(String.fromCharCode(72,101,108,108,111));//://clickme/
Reference in a new issue View git blame Copy permalink