Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection

EDB-ID:

22784




Platform:

Windows

Date:

2003-06-17


source: https://www.securityfocus.com/bid/7939/info

An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages also known as "Friendly HTTP error messages".

Due to some errors when extracting URLs from the custom error pages, it is possible to cause IE to output malicious HTML code.

Exploitation may allow theft of cookie-based authentication credentials or other attacks.

res://shdoclc.dll/HTTP_501.htm#javascript:%2f*://*%2falert(location.href)/

"Marek Blahus" <marek@blahus.cz> also provided an additional proof-of-concept example:

res://shdoclc.dll/http_404.htm#javascript:alert(String.fromCharCode(72,101,108,108,111));//://clickme/