Disaster-level vulnerability warning: do not accidentally turn on God mode - Vulnerability warnings - Black Bar Safety Net

ID MYHACK58:62201562287
Type myhack58
Reporter Anonymous
Modified 2015-05-12T00:00:00


Generally speaking, a bank's security controls are meant to protect the computer, but this time they bring everyone a disastrous security issue: Tick-2015-096339.

What it does

IE has a "safe mode" that is turned on by default, but once you install certain banks' controls, they turn it off. The purpose is user experience: afterwards you no longer have to confirm loading the control each time you use online banking. More importantly, this operation is permanent.

This reminds me of a vulnerability from 2014 that worked across IE 3 through 11:

Get the memory address of a VBScript function.

Using the address obtained in the previous step and the first vulnerability, calculate the "safe mode" address.

Then use a second vulnerability to set "safe mode" to 0, which turns on "God mode".

Now the bank's "security controls" are, in effect, doing these things on the hacker's behalf.

Once God mode is turned on, when you browse to an attacker's web page, that page can directly perform any operation on your computer. For example, it can silently download an .exe and install it, and the installed .exe can do anything.

About the "trust domain"

Strictly speaking, this security issue also requires an XSS or page content injection on a site in the trust domain, but compared with an IE vulnerability the cost of that is very small.

When you install some IE controls, they usually add their own sites to IE's trusted domains. If you now open "IE -> menu bar -> Tools -> Internet Options -> Trusted sites -> Sites", you should be able to see PayPal and some bank-related sites. These are the "trust domain": any page on these sites whose content can be controlled may be used by a hacker.

Vulnerability demo

The scope of the impact

Browser: IE, no version restrictions

Bank controls: Bank / building Bank / Bank / Huaxia Bank (continuously updated)

How to fix

Detection script and patch: fix.js (after downloading, double-click to run)

Manual fix:

IE -> menu bar -> Tools -> Internet Options -> Trusted sites -> click "Default level" -> click "Apply"


If the detection patch finds the problem but you have not installed any of the controls in the list above, look at which sites are in your trust domain and post them in a reply, so you can help us find more insecure "security controls" :)
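To see what the manual fix and the trust-domain check above are looking at, the following read-only PowerShell audit is an added example (it is not the page's fix.js). It lists the sites mapped to the Trusted sites zone and reports that zone's security level. It assumes the page's "safe mode" corresponds to IE URL action 1201 and that Medium is the zone's default level; the function names are made up for this example.

```powershell
# Read-only audit of IE's "Trusted sites" zone (zone 2); nothing is modified.
$inet    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$levels  = @{ 0 = 'Custom'; 0x10000 = 'Low'; 0x10500 = 'Medium-low'
              0x11000 = 'Medium'; 0x11500 = 'Medium-high'; 0x12000 = 'High' }
$actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-TrustedZoneState {
    param([string]$Hive)                       # 'HKCU:' or 'HKLM:'
    $zone = Get-ItemProperty -Path "$Hive\$inet\Zones\2" -ErrorAction SilentlyContinue
    if (-not $zone) { return }
    $level  = [int]$zone.CurrentLevel
    # Assumption: action 1201 ("initialize and script ActiveX controls not
    # marked as safe for scripting") is the setting behind the page's "safe mode".
    $unsafe = $zone.'1201'
    [pscustomobject]@{
        Hive          = $Hive
        Level         = if ($levels.ContainsKey($level)) { $levels[$level] } else { '0x{0:X}' -f $level }
        UnsafeActiveX = if ($null -ne $unsafe) { $actions[[int]$unsafe] } else { '(not set)' }
        # Assumption: Medium is the default level, so Custom or lower needs review.
        NeedsReview   = ($level -lt 0x11000) -or ($unsafe -eq 0)
    }
}

function Get-TrustedSites {
    param([string]$Hive)
    $root = "$Hive\$inet\ZoneMap\Domains"
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {        # 2 = Trusted sites zone
                # Key path is ...\Domains\example.com[\www]; rebuild the host name.
                $parts = (($key.Name -split '\\Domains\\', 2)[1]).Split('\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Hive = $Hive; Scheme = $scheme; Site = ($parts -join '.') }
            }
        }
    }
}

$hives = 'HKCU:', 'HKLM:'
$hives | ForEach-Object { Get-TrustedZoneState $_ } | Format-Table -AutoSize
$hives | ForEach-Object { Get-TrustedSites $_ }     | Format-Table -AutoSize
```

A row with NeedsReview set to True is the condition the manual "Default level" reset is meant to clear; the site table shows which domains a control has added to the zone.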