[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] internet-explorer: bug or feature?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] internet-explorer: bug or feature?
From: Andrew Clover <and-bugtraq@xxxxxxxxxxx>
Date: Thu, 01 Apr 2004 22:03:25 +0100

<ko5@xxxxxxxx> wrote:

> about:<script>alert('*plopp*');</script>

> a small alert popps up and says me '*plopp*', so it seems, that i can
> inject any code i want.

Originally reported here:

http://www.doxdesk.com/personal/posts/bugtraq/20010819-ie.html

This was eventually fixed in IE6 SP1, after it was discovered that due to a parsing error this could be abused to execute in the security context of any target domain.

> i am not sure if its what the 'about:'-construct is for

It was just another random pointless feature. IE has a lot of these. Sometimes they prove a security liability and very occasionally they get removed, but no-one seems to have thought of not including them in the first place.

--
Andrew Clover
mailto:and@xxxxxxxxxxx
http://www.doxdesk.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] internet-explorer: bug or feature?
  - From: ko5

Prev by Date: [Full-Disclosure] FW: Microsoft Progress Report: Security
Next by Date: Re: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features
Previous by thread: Re: [Full-Disclosure] internet-explorer: bug or feature?
Next by thread: RE: [Full-Disclosure] internet-explorer: bug or feature?
Index(es):
- Date
- Thread