{"id": "SECURITYVULNS:DOC:5090", "bulletinFamily": "software", "title": "MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method", "description": "\r\n\r\nBodyRefreshLoadsJPU:refresh is a new navigation method\r\n\r\n[tested]\r\nBrowser Ver\r\n{ \r\nMS Internet Explorer: 6.0.2600.0000.xpclnt_qfe.021108-2107;\r\nEncryption: 128-bit;\r\nPatch:; Q810847; \r\n}\r\n(So, it's far from fully patched. It also works after\r\napplying the patch for method caching attack.) \r\nOS Ver: "Windows XP Cn ver"\r\n\r\n[demo]\r\nhttp://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-MyPage.HTM\r\nor\r\nhttp://umbrella.mx.tc \r\n---> BodyRefreshLoadsJPU section\r\n---> BodyRefreshLoadsJPU-MyPage file\r\n\r\n[exp]\r\n[VictimWindow] is in another security zone, execute:\r\n[VictimWindow].location.href="javascript:[JpuScript]"\r\nthen [VictimWindow] will be navigated to a RES-protocol\r\npage.\r\nat last, press "REFRESH" button:\r\n"Refresh" tries to reload "javascript:[JpuScript]", and\r\nthe script is executed.\r\n\r\nquestion:how to press "REFRESH" button with JSCRIPT?\r\nanswer in this attack:\r\nSaveRef(or "object-caching attack") "document.body", \r\nthen:\r\nbodyRef.document.execCommand("Refresh")\r\n\r\n[how]\r\nspecial thanks to:\r\n"Andreas Sandblad" for "Using the backbutton in IE is\r\ndangerous";\r\n(then i tried to search for other navigation methods) \r\n"GreyMagic" for "GreyMagic Security Advisory GM#012-IE"\r\n(it showed "[DocElement].document" is something\r\ninteresting :-) ) \r\nand myself :-)\r\nread those documents. and look for buttons in MSIE.\r\n\r\n[greetings]\r\nthe Pull, dror, guninski, sandblad, greymagic and\r\n"Friedrich L.Bauer".\r\nof course, mom and dad.\r\n\r\nbest wishes\r\n\r\n-----\r\nfrom http://Umbrella.MX.TC on http://SafeCenter.NET", "published": "2003-09-11T00:00:00", "modified": "2003-09-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5090", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:08", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 2.9, "vector": "NONE", "modified": "2018-08-31T11:10:08", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1489.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473"]}], "modified": "2018-08-31T11:10:08", "rev": 2}, "vulnersScore": 2.9}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-02-26T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **mdnowsend[.]pl.ua** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-26T03:00:00.\n IOC tags: **spam**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:07503532-5090-3C15-8FF2-14EFD0FF8D61", "href": "", "published": "2021-02-27T00:00:00", "title": "RST Threat feed. IOC: mdnowsend.pl.ua", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-26T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **188[.]166.211.63** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-26T03:00:00.\n IOC tags: **generic**.\nASN 14061: (First IP 188.166.23.128, Last IP 188.166.255.255).\nASN Name \"DIGITALOCEANASN\" and Organisation \"DigitalOcean LLC\".\nThis IP is a part of \"**digitalocean**\" address pools.\nASN hosts 3376589 domains.\nGEO IP information: City \"\", Country \"Singapore\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:5A03C950-5090-3E2B-89E6-CB4F81FEC4BA", "href": "", "published": "2021-02-27T00:00:00", "title": "RST Threat feed. IOC: 188.166.211.63", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-26T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **xn--b1ajiiy0ba1da[.]xn--p1ai** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-26T03:00:00.\n IOC tags: **spam**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:A11B22A3-5090-3A10-809B-F62A51F4FCE0", "href": "", "published": "2021-02-27T00:00:00", "title": "RST Threat feed. IOC: xn--b1ajiiy0ba1da.xn--p1ai", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **mrrobot[.]coinpoolit.webhop.me** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:5A6ED21A-5090-3691-BC32-F07D71DDDF03", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: mrrobot.coinpoolit.webhop.me", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **egem[.]doma.ws** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-11-06T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-06T00:00:00", "id": "RST:D0BD27A4-5090-33E1-A0AB-3584E299D735", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: egem.doma.ws", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **launchpad-40[.]binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-11-06T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-06T00:00:00", "id": "RST:BE8D40D6-5090-3DCE-99BE-3C26CBF2CD88", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: launchpad-40.binance.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **0[.]0.0.0 qa.hiveon.net** in [RST Threat Feed](https://rstcloud.net/profeed) with score **20**.\n First seen: 2021-02-23T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **cryptomining**.\nWhois:\n Created: 2018-05-06 16:40:42, \n Registrar: Namecom Inc, \n Registrant: unknown.\nIOC could be a **False Positive** (Domain not resolved, but Whois records found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-23T00:00:00", "id": "RST:DE44B225-5090-3CF8-97FC-829D626B41CB", "href": "", "published": "2021-02-23T00:00:00", "title": "RST Threat feed. IOC: 0.0.0.0 qa.hiveon.net", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **0[.]0.0.0 epool.eu** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-23T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-23T00:00:00", "id": "RST:500B61A7-5090-3494-98FD-E0C422866CBF", "href": "", "published": "2021-02-23T00:00:00", "title": "RST Threat feed. IOC: 0.0.0.0 epool.eu", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-20T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **1[.]168.206.213** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2021-02-14T03:00:00, Last seen: 2021-02-20T03:00:00.\n IOC tags: **shellprobe**.\nASN 3462: (First IP 1.161.4.0, Last IP 1.175.255.255).\nASN Name \"HINET\" and Organisation \"Data Communication Business Group\".\nASN hosts 176325 domains.\nGEO IP information: City \"New Taipei\", Country \"Taiwan\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-14T00:00:00", "id": "RST:52EED91A-5090-394B-82BB-821CC2D2BBE1", "href": "", "published": "2021-02-21T00:00:00", "title": "RST Threat feed. IOC: 1.168.206.213", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-14T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **beaubienest[.]ca** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-14T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:B8B24812-5090-37C4-A34F-159BFCD4FF56", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: beaubienest.ca", "type": "rst", "cvss": {}}]}