By simply using the document.open method without document.close, an attacker can steal cookies, read local files that are parsable by Internet Explorer (MIME type text/html, to be exact), and spoof sites.
Credit:
The information has been provided by the Pull.
Vulnerable systems:
Internet Explorer 6.0
Demonstrations:
The following demonstrations are available at:
http://www.osioniusx.com
"cookieStealing.html" - This opens Yahoo.com and steals the cookie.
"FileReading.html" - This opens up C:\test.txt and then reads it.
"SiteSpoofing.html" - This spoofs www.chase.com (a bank) - chase.com is in the URL, the title, and there is a link on the page to log on to your account that comes back to www.osioniusx.com.