IE8 one of the latest browser from Microsoft claimed offers users more protection than previous versions of the browser through a combination of new security and privacy features. Can be easily become of medium of XSS attack when most users read their text file through browser.
The XSS syntax was wrote in text format, executed successfully in browser Microsoft Internet Explorer 8 and IE 6. I don't have IE 7 installed, but I believe possibility is high and working as well in IE 7.
Text XSS PoC was tested and not working in Firefox browser and Google Chrome.
guama.txt source code:
Due to this kind of XSS can be easily executed in text file (Txt format), why still lots of users taking risks browsing using IE?
reference: www.smxiaoqiang.cn/guama.txt
0 comments:
Post a Comment