Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] internet-explorer: bug or feature?

from [ko5] Network Security [Permanent Link]
Subject: [Full-Disclosure] internet-explorer: bug or feature?
Date: Wed, 31 Mar 2004 06:30:39 -0800 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi!

today i played around a bit with my ie (6.0) to test something and i

found the following behaviour:

when calling a url like

  about:mooh

ie shows me a page with the content 'mooh' and when i call

  about:<script>alert('*plopp*');</script>

a small alert popps up and says me '*plopp*', so it seems, that i can

inject any code i want.

i am not sure if its what the 'about:'-construct is for, but mozilla

doesn't include everything after the ':' in the body of the document.

sry if this was reportet before, but i haven't found something about

this in google or in the archives.

i think its an interesting behaviour ..

btw: about:mozilla seems to be special .. it looks a bit strange ..


ko5
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkBq1kkACgkQn/NqHSmNzSyq1QCfRT3114BilAbYS+PmUIY7Ztke6SQA
oKTK1Raks5IYc1AjMJ8nb1SIYKwV
=9kw/
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Re: SMTP Encryption (S/MIME) for Outlook question, Volker Tanger
Next by Date:  [Full-Disclosure] [ GLSA 200403-14 ] Multiple Security Vulnerabilities in Monit, Aida Escriva-Sammer
Previous by Thread:  [Full-Disclosure] CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities, S-Quadra Security Research
Next by Thread:  Re: [Full-Disclosure] internet-explorer: bug or feature?, Luke Norman
Indexes:  [Date] [Thread] [Top] [All Lists]