{"id":53,"date":"2004-12-17T16:17:03","date_gmt":"2004-12-17T16:17:03","guid":{"rendered":"https:\/\/www.suramya.com\/blog\/archives\/54-guid.html"},"modified":"2007-03-28T10:23:44","modified_gmt":"2007-03-28T14:23:44","slug":"new-ie-cross-site-scripting-vulnerability","status":"publish","type":"post","link":"https:\/\/www.suramya.com\/blog\/2004\/12\/new-ie-cross-site-scripting-vulnerability\/","title":{"rendered":"New IE Cross-site scripting Vulnerability"},"content":{"rendered":"<p>Just read about this on the <a href=\"http:\/\/www.Secunia.com\">Secunia.com<\/a> website. This one is a real scary one. <\/p>\n<p>A new cross-site scripting vulnerability was discovered in the DHTML Edit ActiveX control in Internet Explorer when handling the &#8216;execScript()&#8217; function. This allows the attacker to inject arbitrary script code in a user&#8217;s browser session in the context of an arbitrary site. The best part is that even the SSL certificates etc. are passed so there&#8217;s absolutely no way to find out if the site is spoofed or not. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1\/SP2.<\/p>\n<p>Check out a demo of the attack at: <a href=\"http:\/\/secunia.com\/internet_explorer_cross-site_scripting_vulnerability_test\/\">http:\/\/secunia.com\/internet_explorer_cross-site_scripting_vulnerability_test\/<\/a>. The link above is hosted by the group which published the vulnerability. You can read the original advisory <a href=\"http:\/\/secunia.com\/advisories\/13482\/\">here<\/a>.<\/p>\n<p>The code to create your own spoofed sites can be gotten by viewing the source code for the above page. I copied it to my site and tested it and it actually works. 
Don&#8217;t try anything stupid with this code &#8217;cause if you do you will be caught and then you can pass my regards to Bubba your new cell-mate.<\/p>\n<p><a href=\"http:\/\/www.mozilla.org\">Mozilla Firefox<\/a> is not affected by this so stop using IE and enjoy the holiday shopping without worrying about phishing attacks.<\/p>\n<p>Enjoy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just read about this on the Secunia.com website. This one is a real scary one. A new cross-site scripting vulnerability was discovered in the DHTML Edit ActiveX control in Internet Explorer when handling the &#8216;execScript()&#8217; function. This allows the attacker to inject arbitrary script code in a user&#8217;s browser session in context of an [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[6],"tags":[],"class_list":["post-53","post","type-post","status-publish","format-standard","hentry","category-computer-related"],"_links":{"self":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":0,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embedd
able":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}