Back to list
Major Internet Explorer Vulnerability - NOT Patched
Jan 31 2015 02:18PM
David Leo (david leo deusen co uk)
Deusen just published code and description here:
which demonstrates the serious security issue.
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by external domain.
How To Use
1. Close the popup window("confirm" dialog) after three seconds.
2. Click "Go".
3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk.
Vulnerability: Universal Cross Site Scripting(XSS)
Impact: Same Origin Policy(SOP) is completely bypassed
Attack: Attackers can steal anything from another domain, and inject anything into another domain
Tested: Jan/29/2015 Internet Explorer 11 Windows 7
If you like it, please reply "nice".
[ reply ]
Copyright 2010, SecurityFocus