Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-12 Thread Dan Ballance
Does anyone know if Microsoft have patched this yet? On Wed Feb 04 2015 at 09:05:26 David Leo david@deusen.co.uk wrote: Microsoft was notified on Oct 13, 2014. Joey thank you very much for your words. Kind Regards, On 2015/2/3 4:53, Joey Fowler wrote: Hi David, nice is an

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-11 Thread Sijmen Ruwhof
Hi Joey, In my research I found out that the 'x-frame-options' solution doesn't protect against session hijacking via session cookie theft. It is very important that you also add 'HttpOnly' flags on all cookies. I've published an overview of my research, additional mitigations and

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-07 Thread David Leo
...@securitytracker.com; bugt...@securityfocus.com; cve-ass...@mitre.org Subject: Re: [FD] Major Internet Explorer Vulnerability - NOT Patched Hi David, Nice one… great find! And thanks Joey for confirming the bypass of HTTP-to-HTTPS restrictions. I can confirm that this also affects Spartan Browser (Experimental

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-07 Thread Justin Steven
is this entirely an IE flaw, or is it tied to the use of Cloudflare by the targeted site as well as the attacking site? No, this is entirely an IE flaw. I've repro'd on domains that I know don't use cloudflare, from a domain that doesn't use cloudflare. There's a great teardown on this POC by

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-07 Thread Ben Lincoln (F7EFC8C9 - FD)
Hi David. When I tried to reproduce it using code hosted on one of my domains, I tried three variations of what I assumed at the time the PHP code from the original was: `<?php usleep(300); header("Location: http://www.dailymail.co.uk/"); die(); ?>` `<?php sleep(3); header("Location:

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-04 Thread Ben Lincoln (F7EFC8C9 - FD)
So here's a possibly stupid question: is this entirely an IE flaw, or is it tied to the use of Cloudflare by the targeted site as well as the attacking site? I ask because: 1 - I tried to reproduce the attack in a number of ways without using CloudFlare, and was unsuccessful. 2 - Since I

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-02 Thread Joey Fowler
Hi David, nice is an understatement here. I've done some testing with this one and, while there *are* quirks, it most definitely works. It even bypasses standard HTTP-to-HTTPS restrictions. As long as the page(s) being framed don't contain X-Frame-Options headers (with `deny` or `same-origin`

[FD] Major Internet Explorer Vulnerability - NOT Patched

2015-01-31 Thread David Leo
Deusen just published code and description here: http://www.deusen.co.uk/items/insider3show.3362009741042107/ which demonstrates the serious security issue. Summary An Internet Explorer vulnerability is shown here: Content of dailymail.co.uk can be changed by external domain. How To Use 1.