[thelist] IE Back Button Exploit
James Wampler - Evolt
evolt at jwampler.com
Thu Apr 18 11:06:01 CDT 2002
This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Someone on Security Focus posted a BugTraq describing an exploit involving JavaScript and the back button in IE 6.0. IE apparenly allows Javascript to interact with History list, causing the back button to execute potentially hostile code. There is also some code posted so you can test it out. I just tried it out, and ended up reading info out of some of my cookies, as well as executing programs. Pretty scary.
http://online.securityfocus.com/archive/1/267561
-James Wampler
evolt at jwampler.com
--
More information about the thelist
mailing list