Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-Disclosure] Yet another IE aperture
From: Georgi Guninski (guninskiguninski.com)
Date: Thu Oct 07 2004 - 04:27:58 CDT
Georgi Guninski security advisory #71, 2004
Yet another IE aperture
tested on patched IE on win2k and xp
Date: 7 October 2004
This Advisory is Copyright (c) 2004 Georgi Guninski.
You may not modify it and distribute it or distribute parts
of it without the author's written permission - this especially applies to
so called "vulnerabilities databases" and securityfocus, microsoft, cert
If you want to link to this content use the URL:
Anything in this document may change without notice.
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.
By opening html in IE it is possible to read at least well formed xml from
arbitrary servers. The info then may be transmitted.
<script id="x1" language="xml" src="/cgi-bin/redir.pl"></script>
Copyright Georgi Guninski <br />
Cannot be used in any database
redir.pl does a http redirect.
Full-Disclosure - We believe in it.