lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030712084009.27160.qmail@www.securityfocus.com>
Date: 12 Jul 2003 08:40:09 -0000
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: bugtraq@...urityfocus.com
Subject: MSIE:patched&undisclosed XSS vuln




MSIE:patched&undisclosed XSS vuln
("that's all" is end of file if you are in a hurry)

[tested]
OS:Windows XP Professional
Browser: MS Internet Explorer 6.0.2600.0000.xpclient.01087-1148
(without any patch)
(note: it doesn't work on the patched MSIE) 


[demo]
at
http://www.safecenter.net/liudieyu/AutoScanJPU/AutoScanJPU-MyPage.htm
or
http://umbrella.mx.tc ==> "AutoScanJPU-MyPage" section


[exp]
window.external.AutoScan method can navigate other windows to somewhere, 
and it doesn't filter Javascript-protocol url.


that's all.

[how]
http://www.safecenter.net/CrossZone/ie/UJPU.HTM


[gossiping]


does anyone here know other vulnz patched silently? 



greetings to:
the Pull, dror, guninski and "Vadim Krochak" - and gean!

 

best wishes 

die

------------------------

make notes easily! 
- http://www.safecenter.net/liudieyu/domex
- http://domex.int.tc
-------------------
all mentioned resources can be found at http://umbrella.mx.tc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ