Poisonous Style for Dialog window turns the zone off.

From: Liu Die Yu (liudieyuinchinaat_private)
Date: Mon Dec 02 2002 - 22:26:37 PST


    Poisonous Style for Dialog window turns the zone off.
    ("that's all" is the end of file if you are in a hurry)
    
    [tested]
    MSIEv6 (CN version)
    Patch: Q312461, Q328790 (MS02-066)
    {IEXPLORE.EXE file version: 6.0.2600.0000}
    {MSHTML.DLL file version: 6.00.2600.0000} 
    
    [demo]
    at 
    http://www16.brinkster.com/liudieyu/PoisonousSTYLEforDialog/PoisonousSTYLEforDialog-MyPage.htm
    or 
    clik.to/liudieyu ==> PoisonousSTYLEforDialog-MyPage section.
    
    [exp]
    You can set the style of text in a window (a "ModalDialog" window) opened 
    by "showModalDialog()" regardless of zone difference.
    
    The style can cause execution of script; one example:
    <IMG width="0" height="0" style="width: expression(alert());">
    
    So a "poisonous" style can do XSS at the client side.
    
    that's all
    
    
    [how]
    I spent some time trying to bypass Hotmail script filtering, so I read 
    something about it, including the above one from Guninski.
    So, I got this one as soon as I read the description of "showModalDialog()" 
    at MSDN.
    
    [BTW]
    If you are interested in XSS at the server side, don't miss a tool at 
    http://clik.to/fasx
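The post's point is that a style attribute alone is enough to run script in the dialog, because IE's expression() extension evaluates its argument as JScript. The following is an added example, not code from Liu Die Yu's post: a small filter, of the kind a webmail script filter would need, that pulls inline style attributes out of an HTML fragment and flags any whose normalized value contains expression(. The function names (normalizeStyle, findPoisonousStyles, and the rest) are invented here, and the sample fragments other than the post's own IMG payload are constructed for the demonstration. The normalization strips CSS comments, decodes backslash escapes and removes whitespace before matching, so that split or escaped spellings of the keyword are caught; it deliberately errs toward rejecting.

```javascript
// Added example (not from the original post): flag inline style attributes
// that would invoke IE's expression() extension.

// Decode CSS backslash escapes (e.g. "\65 " or "\000065" -> "e") so that an
// escaped spelling of "expression" is seen as the plain word.
function decodeCssEscapes(s) {
  return s.replace(/\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?|\\(.)/g, (m, hex, ch) => {
    if (hex !== undefined) {
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
    }
    return ch; // a backslash before a non-hex character escapes that character
  });
}

// Canonical form of a style value: comments stripped, escapes decoded,
// whitespace and control characters removed, lowercased. Removing whitespace
// is stricter than a CSS tokenizer; that is intentional for a filter.
function normalizeStyle(style) {
  let s = style.replace(/\/\*[\s\S]*?\*\//g, ''); // CSS comments
  s = decodeCssEscapes(s);
  s = s.replace(/[\s\x00-\x1f\x7f]+/g, '');
  return s.toLowerCase();
}

// True if the normalized style value contains "expression(".
function styleHasExpression(style) {
  return /expression\(/.test(normalizeStyle(style));
}

// Pull every inline style attribute value out of an HTML fragment.
// Simple attribute scanning: double-quoted, single-quoted or unquoted values.
function extractStyleAttributes(html) {
  const out = [];
  const re = /\bstyle\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    out.push(m[1] ?? m[2] ?? m[3]);
  }
  return out;
}

// Return the style attribute values in `html` that contain expression().
function findPoisonousStyles(html) {
  return extractStyleAttributes(html).filter(styleHasExpression);
}

// Constructed samples. `fromPost` is the payload given in the post; the others
// are obfuscated spellings made up here to exercise the normalization.
const SAMPLES = {
  fromPost: '<IMG width="0" height="0" style="width: expression(alert());">',
  commentSplit: '<div style="width: expr/**/ession(alert(1))">x</div>',
  escaped: '<div style="width: \\65 xpression(alert(1))">x</div>',
  benign: '<p style="color: red; width: 10px">safe</p>',
};

// Run over all samples and report which ones are flagged.
function scanSamples() {
  const result = {};
  for (const [name, html] of Object.entries(SAMPLES)) {
    result[name] = findPoisonousStyles(html).length > 0;
  }
  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(scanSamples());
}
```

A real filter would run this on a parsed DOM rather than on raw markup, and would also cover style elements and the url() and behavior properties; the point here is only the normalization step, which is where simple keyword filters were being bypassed.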
    



    This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 10:23:22 PST