A lightly-moderated mailing list for the discussion of security issues

headers Andrew Clover | 1 Apr 2004 23:03

<ko5 <at> hush.com> wrote:

 >   about:<script>alert('*plopp*');</script>

 > a small alert popps up and says me '*plopp*', so it seems, that i can
 > inject any code i want.

Originally reported here:

   http://www.doxdesk.com/personal/posts/bugtraq/20010819-ie.html

This was eventually fixed in IE6 SP1, after it was discovered that due 
to a parsing error this could be abused to execute in the security 
context of any target domain.

 > i am not sure if its what the 'about:'-construct is for

It was just another random pointless feature. IE has a lot of these. 
Sometimes they prove a security liability and very occasionally they get 
removed, but no-one seems to have thought of not including them in the 
first place.

--

-- 
Andrew Clover
mailto:and <at> doxdesk.com
http://www.doxdesk.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

157	May 2013
351	April 2013
292	March 2013
157	February 2013
276	January 2013
266	December 2012
223	November 2012
269	October 2012
207	September 2012
379	August 2012
385	July 2012
423	June 2012
319	May 2012
378	April 2012
378	March 2012
470	February 2012
602	January 2012
508	December 2011
461	November 2011
994	October 2011
403	September 2011
416	August 2011
366	July 2011
553	June 2011
552	May 2011
563	April 2011
437	March 2011
669	February 2011
582	January 2011
695	December 2010
369	November 2010
514	October 2010
418	September 2010
427	August 2010
407	July 2010
621	June 2010
405	May 2010
453	April 2010
564	March 2010
480	February 2010
614	January 2010
501	December 2009
366	November 2009
348	October 2009
473	September 2009
454	August 2009
552	July 2009
309	June 2009
281	May 2009
319	April 2009
458	March 2009
387	February 2009
979	January 2009
644	December 2008
732	November 2008
554	October 2008
625	September 2008
560	August 2008
592	July 2008
396	June 2008
666	May 2008
819	April 2008
603	March 2008
510	February 2008
609	January 2008
634	December 2007
593	November 2007
894	October 2007
688	September 2007
512	August 2007
662	July 2007
662	June 2007
568	May 2007
750	April 2007
576	March 2007
574	February 2007
589	January 2007
499	December 2006
536	November 2006
681	October 2006
573	September 2006
843	August 2006
781	July 2006
1044	June 2006
787	May 2006
895	April 2006
1821	March 2006
737	February 2006
988	January 2006
1539	December 2005
1056	November 2005
678	October 2005
894	September 2005
1057	August 2005
697	July 2005
432	June 2005
689	May 2005
660	April 2005
904	March 2005
662	February 2005
778	January 2005
766	December 2004
1347	November 2004
1121	October 2004
1052	September 2004
1261	August 2004
1310	July 2004
973	June 2004
1415	May 2004
1140	April 2004
1491	March 2004
1519	February 2004
1346	January 2004
774	December 2003
1129	November 2003
1794	October 2003
1779	September 2003
1953	August 2003
1265	July 2003
885	June 2003
420	May 2003
499	April 2003
300	March 2003
397	February 2003
510	January 2003
313	December 2002
458	November 2002
379	October 2002
672	September 2002
839	August 2002
183	July 2002
2	June 2002
3	April 2002
2	February 2002

Re: internet-explorer: bug or feature?

OpenLinux: util-linux could leak sensitive data

OpenLinux: vim arbitrary commands execution through modelines

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment

Re: Security Hole in HTTP (RFC1945) - Browser-Spoofing

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France

RE: Addressing Cisco Security Issues

Re: Bugfinder Being Indicted As Criminal ("Counterfei France

AW: Security Hole in HTTP (RFC1945) -Browser-Spoofing

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France