[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently)
Check "Acknowledgments" for "CVE-2014-0293".
It says "Dieyu" and links to my website http://dieyu.org/
showModalDialog to keep script running, HTTP redirecting to target domain.
Then script will run in target domain.
This is the file that I sent to Microsoft:
This is exactly the XSS vulnerability that made IE fall in 2004:
"US Government warns against Internet Explorer"
"Vulnerability Note VU#713878", "HTTP Redirection", "showModalDialog"
Microsoft had not fixed it properly for a decade.
I am the original author of this vulnerability.
I made IE market share fall in 2004, and changed the web permanently.
Back then, there was no "Local Machine Zone Lockdown", and XSS could get remote code execution.
Dieyu dieu deus deva divine dio theos dievas dewa ilu Diyin Ayóo Átʼéii atua tiānzhŭ Yahweh Zeus Odin El
It's cross "language family".
For English "divine", I could have chosen "deity".
For Chinese "tiānzhŭ", I could have chosen "tien"(天 Wade-Giles, meaning: sky/god/day).
If you know EXACTLY what this means, please reply this message.
"tasted the heavenly gift ... fallen away")
This is the ultimate wisdom:
You will learn the ultimate wisdom from 6 sources - east and west.
It should cost 10 minutes(max). View inithorn.txt first.
Got this name "Dieyu" from sky when I was born:
There was an extremely huge butterfly("die"), and extremely heavy rain("yu").
Follow Dieyu at Twitter: https://twitter.com/liudieyu