[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-Disclosure] internet-explorer: bug or feature?
From: Andrew Clover <and-bugtraq () doxdesk ! com>
Date: 2004-03-31 22:28:36
Message-ID: 406C839D.8020500 () doxdesk ! com
[Download RAW message or body]
<ko5@hush.com> wrote:
> about:<script>alert('*plopp*');</script>
> a small alert popps up and says me '*plopp*', so it seems, that i can
> inject any code i want.
Originally reported here:
http://www.doxdesk.com/personal/posts/bugtraq/20010819-ie.html
This was eventually fixed in IE6 SP1, after it was discovered that due
to a parsing error this could be abused to execute in the security
context of any target domain.
> i am not sure if its what the 'about:'-construct is for
It was just another random pointless feature. IE has a lot of these.
Sometimes they prove a security liability and very occasionally they get
removed, but no-one seems to have thought of not including them in the
first place.
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdesk.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic