Back to list
Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
Feb 04 2015 06:43AM
David Leo (david leo deusen co uk)
Microsoft was notified on Oct 13, 2014.
Joey thank you very much for your words.
On 2015/2/3 4:53, Joey Fowler wrote:
> Hi David,
> "nice" is an understatement here.
> I've done some testing with this one and, while there /are/ quirks, it most definitely works. It even bypasses standard HTTP-to-HTTPS restrictions.
> It looks like, through this method, all viable XSS tactics are open!
> Nice find!
> Has this been reported to Microsoft outside (or within) this thread?
> Joey Fowler
> Senior Security Engineer, Tumblr
> On Sat, Jan 31, 2015 at 9:18 AM, David Leo <david.leo (at) deusen.co (dot) uk [email concealed] <mailto:david.leo (at) deusen.co (dot) uk [email concealed]>> wrote:
> Deusen just published code and description here:
> http://www.deusen.co.uk/items/__insider3show.3362009741042107/ <http://www.deusen.co.uk/items/insider3show.3362009741042107/>
> which demonstrates the serious security issue.
> An Internet Explorer vulnerability is shown here:
> Content of dailymail.co.uk <http://dailymail.co.uk> can be changed by external domain.
> How To Use
> 1. Close the popup window("confirm" dialog) after three seconds.
> 2. Click "Go".
> 3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk <http://dailymail.co.uk>.
> Technical Details
> Vulnerability: Universal Cross Site Scripting(XSS)
> Impact: Same Origin Policy(SOP) is completely bypassed
> Attack: Attackers can steal anything from another domain, and inject anything into another domain
> Tested: Jan/29/2015 Internet Explorer 11 Windows 7
> If you like it, please reply "nice".
> Kind Regards,
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/__listinfo/fulldisclosure <https://nmap.org/mailman/listinfo/fulldisclosure>
> Web Archives & RSS: http://seclists.org/__fulldisclosure/ <http://seclists.org/fulldisclosure/>
[ reply ]
Copyright 2010, SecurityFocus