Internet Explorer sp2 bypass exploit

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • hydro
    Confirmed User
    • Dec 2003
    • 4216

    #1

    Internet Explorer sp2 bypass exploit

    Reportedly, Microsoft Internet Explorer is affected by a user security confirmation bypass vulnerability. This issue is due to a design error that allows malicious users to trivially bypass the requirement for user confirmation.

    An attacker may leverage this issue by hosting a web page or pages designed to bypass the required user confirmation; this would facilitate the execution of arbitrary client side scripts such as JavaScript and ActiveX objects in the browsers of unsuspecting users that visit the site.



    No exploit is required to leverage this issue. Reportedly a comment of the following form, when placed between the '<!DOCTYPE>' and '<HTML>' tags, will trigger this issue:

    <!-- saved from usr=(XXXX)URL -->

    Where URL is a URL string, such as 'http://www.example.com' and XXXX is a four digit number that corresponds to the number of characters in the URL string.
  • Fukeneh
    Confirmed User
    • Mar 2004
    • 1245

    #2
    well isnt that just fantastic.

    Comment

    • TheSenator
      Too lazy to set a custom title
      • Feb 2003
      • 13340

      #3
      can you explain the XXXX part of the string?
      ISeekGirls.com since 2005

      Comment

      • Bigjohn
        Confirmed User
        • Feb 2003
        • 1118

        #4
        Ya gotta love quality software...

        Comment

        • Basic_man
          Programming King Pin
          • Oct 2003
          • 27360

          #5
          Originally posted by Fukeneh
          well isnt that just fantastic.
          Hell fuckin' no !
          UUGallery Builder - automated photo/video gallery plugin for Wordpress!
          Stop looking! Checkout Naked Hosting, online since 1999 !

          Comment

          • xlogger
            Confirmed User
            • Jul 2004
            • 9507

            #6
            sounds interesting

            ----------
            XLOGGER [REFLECTED] [OH]

            Comment

            • Phoenix
              BACON BACON BACON
              • Nov 2002
              • 35475

              #7
              i figure it will take the adult indutry as a whole another day or two to have full working exits on SP2


              i mean we made the net right?

              we are the most sophisticated online business as well

              just looka at a mainstream sponsrs stats..they email them to you once a month some of them..lol
              Telegram PhoenixBrad
              https://quantads.io

              Comment

              • Cman
                Confirmed User
                • Jun 2004
                • 697

                #8
                so what does this mean exactly??

                if someone visits a site with that code in it, they will be redirected to the site listed in the exploit?
                I could put stuff here, but you don't care.

                Comment

                Working...