MSIE->LinkillerJPU:another caller-based authorization(is broken).

2003-09-11T00:00:00
ID SECURITYVULNS:DOC:5093
Type securityvulns
Reporter Securityvulns
Modified 2003-09-11T00:00:00

Description

LinkillerJPU:another caller-based authorization(is broken).

[tested] Browser Ver { MS Internet Explorer: 6.0.2600.0000.xpclnt_qfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; } (So, it's far from fully patched.) OS Ver: "Windows XP Cn ver"

[demo] http://www.safecenter.net/liudieyu/LinkillerJPU/LinkillerJPU-MyPage.HTM or http://umbrella.mx.tc ---> LinkillerJPU section ---> LinkillerJPU-MyPage file

[exp] refer to "Linkiller" at UMBRELLA.MX.TC progress: i found caller-based authorization is also used when [WindowObj].location.href="javascript:[JpuScript]"

[how] when i have a hammer, i search for a nail.

[greetings] the Pull, dror, guninski, http-equiv, sandblad, greymagic and "Friedrich L.Bauer"(man, for your execellent book). of course, mom and dad.

best wishes


from http://Umbrella.MX.TC on http://SafeCenter.NET