Exploit Microsoft Internet Explorer 5.0.1 - Invalid Byte Cross-Frame Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19156
Проверка EDB
  1. Пройдено
Автор
GEORGI GUNINSKI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-1999-0347
Дата публикации
1999-01-28
Код:
source: https://www.securityfocus.com/bid/197/info

On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if "%01" is appended to an arbitrary URL. If the specially malformed URL is inserted in a javascript after an 'about:' statement, arbitrary code can be executed on the target host. Successful exploitation could lead to access to local files, window spoofing, and arbitrary code execution.

On October 6, 2000, Alp Sinan discovered that a variation of this vulnerability exists in Microsoft Internet Explorer 5.5. Instead of using "%01", the ASCII equivalents of "^A" or "&#01" can be used instead. 

Georgi Guninski <[email protected]> has set up the following demonstration pages:

Exploit through HTML mail message:

http://www.guninski.com/scriptlet.html

http://www.guninski.com/scrspoof.html

Exploit through TDC:

http://www.guninski.com/scrauto.html

Alp Sinan <[email protected]> has set up the following demonstration pages:

Reading of local files:
http://horoznet.com/AlpSinan/localread.htm

Window spoofing:
http://horoznet.com/AlpSinan/webspoof.htm

Cross-frame security circumvention
http://horoznet.com/AlpSinan/crossframe.htm
 
Источник
www.exploit-db.com

Похожие темы