7 matches found
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...
CVE-2015-0072
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ieuxssinjection.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:34+00:00| seen|...
HackerOne: HackerOne is still prone to Internet Explorer UXSS
Hi, I have managed to leverage CVE 2015-0072, so that the attack will work with any framed resource protected by X-Frame-Options: DENY header. According to 103787, only https://hackerone.com/cdn-cgi/trace was unprotected and now its already fixed. In my PoC I used several X-Frame-Options protecte...
VulnCheck KEV: CVE-2015-0072
Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...
Microsoft Internet Explorer Universal XSS Proof Of Concept
Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...
CVE-2015-0072
Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...
CVE-2015-0072
CVE-2015-0072 describes a Universal XSS (UXSS) in Internet Explorer 9–11, allowing remote injection of script by abusing IFRAME-based redirects and WindowProxy eval to bypass Same Origin Policy. The vulnerability affects Microsoft Internet Explorer versions 6–11 and can lead to arbitrary code exe...