lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 10 Sep 2003 05:42:15 -0000 From: Liu Die Yu <liudieyuinchina@...oo.com.cn> To: bugtraq@...urityfocus.com Subject: MSIE->NAFjpuInHistory NAFjpuInHistory [tested] Browser Ver { MS Internet Explorer: 6.0.2600.0000.xpclnt_qfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; } (So, it's far from fully patched. it also works after applying the patch for "Using the backbutton in IE is dangerous") OS Ver: "Windows XP Cn ver" [demo] http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-MyPage.HTM or http://umbrella.mx.tc ---> NAFjpuInHistory section ---> NAFjpuInHistory-MyPage file [exp] refer to BackMyParent at UMBRELLA.MX.TC. so, the chanllenge is: "javascript-protocol Url is left in the history list" in this attack: window.open("javascript:[JpuScript]"), and then use "NavigateAndFind" to navigate to [VictimUrl], At last, Javascript-protocol Url is left in the history list. [greetings] the Pull, dror, guninski, sandblad and "Friedrich L.Bauer". of course, mom and dad. best wishes ----- from http://Umbrella.MX.TC on http://SafeCenter.NET
Powered by blists - more mailing lists