Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
Microsoft was notified on Oct 13, 2014.
Joey, thank you very much for your words.
On 2015/2/3 4:53, Joey Fowler wrote:
"nice" is an understatement here.
I've done some testing with this one and, while there /are/ quirks, it most definitely works. It even bypasses standard HTTP-to-HTTPS restrictions.
It looks like, through this method, all viable XSS tactics are open!
Has this been reported to Microsoft outside (or within) this thread?
Senior Security Engineer, Tumblr
On Sat, Jan 31, 2015 at 9:18 AM, David Leo <david.leo@xxxxxxxxxxxx> wrote:
Deusen just published code and description here:
which demonstrates the serious security issue.
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by external domain.
How To Use
1. Close the popup window ("confirm" dialog) after three seconds.
2. Click "Go".
3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk.
Vulnerability: Universal Cross Site Scripting (XSS)
Impact: Same Origin Policy (SOP) is completely bypassed
Attack: Attackers can steal anything from another domain, and inject anything into another domain
Tested: Jan/29/2015 Internet Explorer 11 Windows 7
If you like it, please reply "nice".
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/