佚名MYHACK58:6220055672Surprise storms, IE6 latest vulnerability code, you can hung it-vulnerability warning-the black bar safety net
Today ncph group testing found that the JavaScript IE 6 vulnerability
Its use of code as follows:
<script type=“text/jscript”>
function init() {
document. write(“The time is:” + Date() );
}
window. onload = init;
</script>
Using this code you can hide the page in front of html code, run after it can only see the javascript statement inside the implementation of the code.
And after refresh also no longer see Web site source code, and can use javascript to execute arbitrary code.
In fact, hanging horse not to be missed the best time.
Test method:
<h1>ncph of something<i>before</i></h1>
<br> the <b>JavaScript</b>… ncphncph
<script type=“text/jscript”>
function init() {
document. write(“The time is now:” + Date() );
}
window. onload = init;
</script>
And <u>ncph of something</u> after the <b>JavaScript</b>
Save the above code as an html page look.
If only to see the above time, just to prove you ie also the presence of this vulnerability. (The front and back of the code?^.^)
Believe slightly understand a little html language people know what the use of it.
Now ninety percent of a few of the ie are the presence of this vulnerability.
In xp sp2 2 0 0 0 sp4 2003sp1 test.
by rose of ncph studio
http://www.ncph.net