
qcred11
QUOTE


[tested]
Internet Explorer 6 SP1 running on Windows XP(Home Edition) Service Pack 1a
Updated on 2004/07/21 GMT+800


[intro]
"the-insider" exploit was first noticed by the-insider:
http://umbrella.name/iebug.com/display-sin...sage-2004060050
and then documented by jelmer:
http://umbrella.name/iebug.com/display-sin...sage-2004060124
http://62.131.86.111/analysis.htm


[what is new]
the exploit is complicated.


i just simplified the exploit and made a very small demo of the xss
vulnerability:
http://UMBRELLA.NAME/originalvuln/InsiderPrototype/demo.htm
i hope it helps those who are confused by tons of code there in the
exploit.


the prototype is actually extremely simple - and cool.


that's all.


[request your comment on iebug.com]
btw, what do you think of iebug.com
http://iebug.com
?
do you prefer just reading selected messages?
i can make iebug display selected messages only; i can enable all
visitors to vote for a message - or you have a better idea for
iebug.com?


please comment on iebug.com and let me know.


iebug.com:
-----
Security and Vulnerability Discussion related to Internet Explorer,
Outlook, Java Virtual Machine and Windows Media Player found at
bugtraq, full-disclosure and microsoft security bulletin


up-to-hour
-----

Kynroxes
tks man for news ... u really a 1/2 god for me
ganz2
this was already posted like 3 times
aiboforcen
Does anyone know a free host that supports jsp and js files?
what
Apache will support it by default. Try downloading it and installing it. Saves a lot of time for searching and money for server space.
slynx
my default win32 apache install does not (by default) support jsp or js files....
the *nix distro might, i haven't worked with it for a while, but either way you can
download support for those files (just google it)
toska
Hehehe, come on guys, no need for all that when php works just fine.
Nuff said.