Internet Explorer 6 Security Hole Example

Most of us are constantly aware of the security holes appearing (and sometimes re-appearing) in Internet Explorer, and the endless stream of patches that fix them. And usually the description on Windows Update is vague like "allows code to be run that can be exploited by malicious people". :confused: But we never see what the hole really looks like or how it could be exploited.

Here's something different: here's an example of a current exploit that could be used to conduct cross-site scripting attacks. Check it out for yourselves in IE6 and see for yourselves:

http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/

Note: This is safe and does not contain viruses, trojans, keyloggers or any other spooky stuff. :)

Ok... let's have a poll: who's going to continue using IE after reading this post? :D
 
NsXMas said:
Google toolbar is your friend...
This statement is somewhat misleading. The link Neo provided is a demonstration of the vulnerability. For demonstration purposes it is shown in a new window, which may be blocked by a pop-up blocker. It can be implemented in other ways, so Google toolbar’s pop-up blocker won’t always protect against it. Following the instructions in the advisory (disable ActiveX support for Internet zone) should eliminate the issue.
 
Ojas said:
This statement is somewhat misleading. The link Neo provided is a demonstration of the vulnerability. For demonstration purposes it is shown in a new window, which may be blocked by a pop-up blocker. It can be implemented in other ways, so Google toolbar’s pop-up blocker won’t always protect against it. Following the instructions in the advisory (disable ActiveX support for Internet zone) should eliminate the issue.
Or do a Windows Update when a patch is available.

I think Google toolbar is providing protection. Even when I enable pop-ups, I can't get the vulnerability to "work". Google toolbar seems to be able to stop the vulnerability from succeeding, or at least this test.
 
NsXMas said:
I think Google toolbar is providing protection. Even when I enable pop-ups, I can't get the vulnerability to "work". Google toolbar seems to be able to stop the vulnerability from succeeding, or at least this test.
Interesting - What URL do you see in the address bar of the new window?

I looked through the code and think it is possible to perform the same type of operation without a new window (using an IFRAME or FRAME, for example). The Google toolbar would have no effect in this scenario. Even if it did, I would not assume I am protected if I am relying exclusively on a pop-up blocker.
 
Interesting?

So did you guys get it to work?

What should happen is the website address bar shows "www.paypal.com" but the website is still "secunia.com". See attached.

This means an attacker could start a website that looks and acts EXACTLY like paypal or another website, but be spoofing your credit information. :mad:

This is similar to a spoofing incident a colleague of mine experienced with Ticketek (an online ticket ordering service here in Australia). A website was posing as ticketek by tunnelling the legitimate ticketek.com website through its own framed pages. The owner of the spoofed website had even set up a digital certificate to "ticketeh" so the website had a secure padlock and everything. :eek:

This thread isn't to scare people, but just be really careful and keep up to date with patches.
 

Attachments

  • untitled.GIF