Poisonous Style for Dialog window turns the zone off. Dec 03 2002 06:26AM
Liu Die Yu (liudieyuinchina yahoo com cn)

Poisonous Style for Dialog window turns the zone off.

("that's all" is the end of file if you are in a hurry)


MSIEv6(CN version)

Patch: Q312461,Q328790(MS02-066)

{IEXPLORE.EXE file version: 6.0.2600.0000}

{MSHTML.DLL file version: 6.00.2600.0000}






clik.to/liudieyu ==> PoisonousSTYLEforDialog-MyPage section.


you can appoint the style of text in window(a "ModalDialog" window) opened

by "showModalDialog()" regardless of zone difference.

the style can cause execution of script, one example:

<IMG width="0" height="0" style="width: expression(alert());">

so "poisonous" style can do XSS at client side.

that's all


i spent some time trying to bypass hotmail script filtering, so i read

something about it, including the above one from Guninski.

so, i got this one as soon as i read the description of "showModalDialog

()" at MSDN.


if you are interested in XSS at server side, don't miss a tool at


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus