Bugtraq mailing list archives
(MSIE) when parent gives his son bad things ;) --"dialogArguments " again
From: Liu Die Yu <liudieyuinchina () yahoo com cn>
Date: 19 Nov 2002 01:45:45 -0000
IFRAME in a page opened by "openModalDialog" has "dialogArguments" of its parent. [tested]MSIEv6(CN version) {IEXPLORE.EXE file version: 6.0.2600.0000} {MSHTML.DLL file version: 6.00.2600.0000} [demo] at http://www16.brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm or clik.to/liudieyu ==> BadParent-MyPage section. /*note: please tell me if "MSIE SP1" allows an internet page contains an iframe with local content*/ [exp] IFRAME in a page opened by "openModalDialog" has "dialogArguments" of its parent. so Attacker can open (via "openModalDialog") his page which contains an iframe whose content is in the victim zone and uses "dialogArguments" directly without filtering. in the demo: (*)"victim zone" is localzone; (*)the page from victim zone is "res://shdoclc.dll/privacypolicy.dlg"; it uses "cookieUrl" without filtering. [how] realize that IFRAME has some properties the same as those of its parent. but the parent can be bad. (BTW, i used to hate that my parents give me many bad things, now i realize it's my job to resist bad things. ;) ) [contact] clik.to/liudieyu ==> "How to contact Liu Die Yu" section
Current thread:
- (MSIE) when parent gives his son bad things ;) --"dialogArguments " again Liu Die Yu (Nov 19)
- Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again Dave Ahmad (Nov 19)
- RE: (MSIE) -"dialogArguments" (extended) GreyMagic Software (Nov 23)