This works for Mozilla Firefox also ... I believe. Cheers, 0xN41K
On Nov 15, 10:50 pm, Sandeep Thakur <[email protected]> wrote: > FYI Team > > > > ---------- Forwarded message ---------- > From: MustLive <[email protected]> > Date: 2010/11/14 > Subject: Saved XSS vulnerability in Internet Explorer > To: [email protected] > > Hello Bugtraq! > > I want to warn you about Cross-Site Scripting vulnerability in Internet > Explorer. This is Post Persistent XSS (Save XSS) > (http://websecurity.com.ua/2641/). > > ------------------------- > Affected products: > ------------------------- > > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet > Explorer 7 (7.00.5730.13), Internet Explorer 8 (8.00.6001.18702) and > previous versions. > > ---------- > Details: > ---------- > > This hole is similar to Cross-Site Scripting vulnerability in Internet > Explorer (http://websecurity.com.ua/1241/) - CVE-2007-4478 > (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4478). Which I > found in August 2007 and informed Microsoft, and they ignored it and didn't > fix it in IE6, and they didn't fixed it in IE7 (and also in IE6) after my > informing in 2008. But they silently and lamerly fixed it in IE8, as I found > in May 2010 when checked this hole in IE8. This vulnerability is different > from previous one in that, that the attack is going not via saving web page, > but saving web archive (mht/mhtml file) - similarly to Cross-Site Scripting > in Opera (http://websecurity.com.ua/2555/), which I wrote about in 2008. All > versions of IE6, IE7 and IE8 are affected to this hole. > > XSS (WASC-08): > > http://site/?--><script>alert("XSS")</script> > > For the attack it's needed to visit such URL and save html page as mht/mhtml > file (Web archive). For executing of the code it's needed that file was > saved not with mht or mhtml extension, but with htm or html extension. After > that when opening saved page in any browser the code will run. Attacking > code are saving inside of the file. > > This vulnerability - it's Saved XSS and Local XSS > (http://websecurity.com.ua/4219/). > > To make hidden attack an iframe can be used in code of the page: > > <iframe src='http://site/?--><script>alert("XSS")</script>' height='0' > width='0'></iframe> > > ------------ > Timeline: > ------------ > > 2010.11.12 - found vulnerability. > 2010.11.12 - disclosed at my site. > 2010.11.13 - informed Microsoft. > > I mentioned about this vulnerability at my site > (http://websecurity.com.ua/4677/). > > Best wishes & regards, > MustLive > Administrator of Websecurity web sitehttp://websecurity.com.ua- Hide quoted > text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
