Recent XSS 0day vulnerability struck, the impact of the latest version of the IE browser-vulnerability warning-the black bar safety net

2015-02-06T00:00:00
ID MYHACK58:62201558836
Type myhack58
Reporter 佚名
Modified 2015-02-06T00:00:00

Description

!

Security researchers recently discovered a seriousXSS 0day vulnerability that can impact the latest version of the IE browser, the user is exposed in the attack and identity theft risk.

Vulnerability information

The vulnerability can affect fully restored IE browser, hackers can exploit the vulnerability to steal sensitive user data such as logon credentials and be able to browser sessions to inject malicious content.

An attacker using theXSSthe vulnerability may bypass the same-origin policy(SOP)。 The same-origin policy is a web application in a basic security model used to protect the user's browsing experience.

The same origin policy on Wikipedia interpreted as:

“The policy allows the same site, system, host name, and port number combination on the page of the script to access each other's DOM, but no specific restrictions, but blocking access to different sites on the DOM.”

Vulnerability POC

[1] [2] [3] next