BugTraq
Back to list
|
Post reply
Re: [IE 6 SP2] Possible URL Spoofing
Oct 16 2004 08:58PM
http-equiv (at) excite (dot) com [email concealed] (1 malware com)
<!--
javascript:document.write("<iframe src='http://www.google.com'
width='100%' height='100%'></iframe>");
-->
This is representative of a generic cross-site-scripting
situation. The homepage idea is a good one, but to date it seems
impossible to break the silly security warning. From a site
aspect you just need a 'hole' to penetrate and effect your code.
oh dear...perhaps like this one:
http://www.malware.com/dload.html
--
http://www.malware.com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
<!--
javascript:document.write("<iframe src='http://www.google.com'
width='100%' height='100%'></iframe>");
-->
This is representative of a generic cross-site-scripting
situation. The homepage idea is a good one, but to date it seems
impossible to break the silly security warning. From a site
aspect you just need a 'hole' to penetrate and effect your code.
oh dear...perhaps like this one:
http://www.malware.com/dload.html
--
http://www.malware.com
[ reply ]