Major Internet Explorer Vulnerability - NOT Patched

2015-02-11T00:00:00
ID SECURITYVULNS:DOC:31704
Type securityvulns
Reporter Securityvulns
Modified 2015-02-11T00:00:00

Description

Deusen just published code and description here: http://www.deusen.co.uk/items/insider3show.3362009741042107/ which demonstrates the serious security issue.

Summary An Internet Explorer vulnerability is shown here: Content of dailymail.co.uk can be changed by external domain.

How To Use 1. Close the popup window("confirm" dialog) after three seconds. 2. Click "Go". 3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk.

Technical Details Vulnerability: Universal Cross Site Scripting(XSS) Impact: Same Origin Policy(SOP) is completely bypassed Attack: Attackers can steal anything from another domain, and inject anything into another domain Tested: Jan/29/2015 Internet Explorer 11 Windows 7

If you like it, please reply "nice".

Kind Regards,