- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 33063
- Проверка EDB
-
- Пройдено
- Автор
- MUSTLIVE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2009-2350
- Дата публикации
- 2009-06-03
Код:
source: https://www.securityfocus.com/bid/35570/info
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.
Internet Explorer 6 is vulnerable; other versions may also be affected.
With request to script at web site:
http://www.example.com/script.php?param=javascript:alert(document.cookie)
Which returns in answer the refresh header:
refresh: 0; URL=javascript:alert(document.cookie)- Источник
- www.exploit-db.com
