Possible new cross zone scripting in IE
From: Cheng Peng Su (apple_soup_at_msn.com)
Date: 02/10/04
- Previous message: Manuel López: "XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal"
- Next in thread: http-equiv_at_excite.com: "Re: Possible new cross zone scripting in IE"
- Maybe reply: http-equiv_at_excite.com: "Re: Possible new cross zone scripting in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Feb 2004 14:31:35 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
title:Possible new cross zone scripting in IE
program:MS Internet Explorer
test on:IE 6.0(sp1),winXP/ME
Proof of Concept:
From res://C:\WINDOWS\SYSTEM\BROWSELC.DLL/mbOffline.htm
,i found
<a href="shell:My Music" onmouseover="window.status=L_MyMusic_Text;return true" onmouseout="window.status='';return true">
this links to a folder(c:\My document\My Music).
I built a page(http://www.freewebs.com/applesoup/shell_my_music.htm) like following:
<iframe src="shell:my music"/>
this frame is in "My computer" zone.
I think there is some way to make cross zone scripting to this frame.
-------------
Cheng Peng Su
- Previous message: Manuel López: "XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal"
- Next in thread: http-equiv_at_excite.com: "Re: Possible new cross zone scripting in IE"
- Maybe reply: http-equiv_at_excite.com: "Re: Possible new cross zone scripting in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
