4 matches found
MS Internet Explorer URL Injection in History List (MS04-004)
No description provided by source. // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands...
Mozilla fails to properly prevent "JavaScript:" URIs containing "eval()" from being executed in the context of other URIs in the history list
Overview Mozilla fails to properly restrict the execution of javascript: URIs. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browse...
MS Internet Explorer URL Injection in History List (MS04-004)
Exploit for unknown platform in category remote exploits ============================================================= MS Internet Explorer URL Injection in History List MS04-004 ============================================================= // Andreas Sandblad, 2004-02-03, patched by MS04-004 //...
Microsoft Internet Explorer - URL Injection in History List (MS04-004)
// Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands. // This demo simply creates a harmless textfile on the desktop. function payload file = "sandblad.txt";...