[30707] in bugtraq
MSIE:patched&undisclosed XSS vuln
daemon@ATHENA.MIT.EDU (Liu Die Yu)
Sat Jul 12 18:25:44 2003
Date: 12 Jul 2003 08:40:09 -0000
Message-ID: <20030712084009.27160.qmail@www.securityfocus.com>
From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
To: bugtraq@securityfocus.com
MSIE:patched&undisclosed XSS vuln
("that's all" is end of file if you are in a hurry)
[tested]
OS:Windows XP Professional
Browser: MS Internet Explorer 6.0.2600.0000.xpclient.01087-1148
(without any patch)
(note: it doesn't work on the patched MSIE)
[demo]
at
http://www.safecenter.net/liudieyu/AutoScanJPU/AutoScanJPU-MyPage.htm
or
http://umbrella.mx.tc ==> "AutoScanJPU-MyPage" section
[exp]
The window.external.AutoScan method can navigate other windows to somewhere,
and it doesn't filter JavaScript-protocol URLs.
that's all.
[how]
http://www.safecenter.net/CrossZone/ie/UJPU.HTM
[gossiping]
does anyone here know other vulnz patched silently?
greetings to:
the Pull, dror, guninski and "Vadim Krochak" - and gean!
best wishes
die
------------------------
make notes easily!
- http://www.safecenter.net/liudieyu/domex
- http://domex.int.tc
-------------------
all mentioned resources can be found at http://umbrella.mx.tc
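
The missing check described in [exp], as an added example that is not part of the original post and is not Internet Explorer's code: a scheme allow-list applied to any URL a script can hand to a navigation helper. The names `ALLOWED_SCHEMES`, `checkNavigationTarget`, `guardedNavigate` and the `app.example` base are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: scheme allow-list for a script-reachable navigation helper.
// All names here are hypothetical; nothing below is taken from MSIE.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse the input the way a browser does (the WHATWG URL parser strips
// leading control characters and embedded tab/newline, and lower-cases the
// scheme), then decide on the parsed scheme, never on a raw string prefix.
function checkNavigationTarget(rawUrl, baseUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl), baseUrl);
  } catch (err) {
    return { allowed: false, scheme: null, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { allowed: false, scheme: parsed.protocol, reason: "scheme not allowed" };
  }
  return { allowed: true, scheme: parsed.protocol, href: parsed.href };
}

// Wrap a navigation primitive so it only ever receives a vetted,
// normalized URL; rejected input never reaches it.
function guardedNavigate(navigateFn, rawUrl, baseUrl) {
  const verdict = checkNavigationTarget(rawUrl, baseUrl);
  if (verdict.allowed) navigateFn(verdict.href);
  return verdict;
}

// Constructed sample inputs: two ordinary targets, then script-scheme
// spellings that a naive startsWith("javascript:") test would let through.
const BASE = "https://app.example/home";
const SAMPLES = [
  "http://www.example.com/",
  "/help/index.htm",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  " \tjavascript:void(0)",
  "java\nscript:void(0)",
  "vbscript:x",
];

function runSamples() {
  return SAMPLES.map((u) => checkNavigationTarget(u, BASE));
}

for (const [i, v] of runSamples().entries()) {
  console.log(JSON.stringify(SAMPLES[i]), "->", v.allowed ? "allow" : "block", v.scheme);
}
```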