what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

hijack2.txt

hijack2.txt
Posted Nov 26, 2003
Authored by Liu Die Yu

After applying the patch for MS03-048, Windows is still susceptible to the Hijack Click attack when performed in conjunction with the method caching attack which can make the window.move accessible again. Link to a demonstration included.

tags | advisory
systems | windows
SHA-256 | a06ff9d109e90948b1621c8cc5f4399cd3f2acd4266b9a925067a1f7cac1a306

hijack2.txt

Change Mirror Download
HijackClickV2 - a successor of HijackClick attack

[tested]
OS:Win2k3,CN version
IE: with MS03-048 installed.

OS:WinXp, CN version
Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16

[overview]
After applying MS03-048, the original HijackClick exploit doesn't work any more.
With method caching(a.k.a "SaveRef"), HijackClick works again.

[demo]
There is a harmless demo:
http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2/HijackClickV2-MyPage.htm

[technical details]
After applying MS03-048, the original HijackClick exploit doesn't work any more.
(Liu Die Yu's http://www.safecenter.net/UMBRELLAWEBV4/HijackClick/HijackClick-MyPage.HTM

Because window.moveBy is inaccessible. Method caching attack can make window.moveBy accessible again.

[Workaround]
Disable Active Scripting in INTERNET zone.

[Greetings]
greetings to:
Drew Copley, dror, guninski and mkill.

-----
all mentioned resources can always be found at UMBRELLA.MX.TC

[people]
LiuDieyuinchina [N0-@-Sp2m] yahoo.com.cn
UMBRELLA.MX.TC ==> How to contact "Liu Die Yu"

[message]
A wise man learns from other's mistakes; a fool learns from his own.

[Employment]
I would like to work professionally as a security researcher/bug finder.

See my resume at my site. I am very eager to work, flexible, and
extremely productive. I have a top notch resume, with credentials
from leading bug finders. I am willing to work per contract, relocate,
or telecommute.

[Give a Hand]
I haven't got a job as a security researcher yet and my family don't support my security work - so, I don't have a computer of my own. Please consider about donating at:
http://clik.to/donatepc
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close