today's pet peeve

Joseph S. Barrera III joe@barrera.org
Thu, 18 Apr 2002 08:57:35 -0700


Speaking of that back button...

http://www.theregister.co.uk/content/4/24902.html

The IE back-button attack
By Thomas C Greene in Washington
Posted: 17/04/2002 at 17:50 GMT


Swedish security researcher Andreas Sandblad has discovered that the MS
Internet Explorer history list allows JavaScript in the URLs. The code will
execute in the same zone as the last URL visited, which in the case of the
error page generated by IE is the local computer zone. Thus when an error
page is generated, JavaScript can be injected into the history and executed
by use of the back button.

To illustrate it, Sandblad created a little script which works nicely. Just
choose the appropriate link, follow it, and then hit the back button. Big
laffs.

The script should work on most IE browsers but has been tested only with
IE-6 on Win-2K and XP, according to Sandblad's recent posting to the BugTraq
mailing list, where you can get a copy and play with it.

We've confirmed it for IE-6 on Win-XP Pro, and several readers have reported
that IE-5 is also affected. We've also heard that McAfee and NAV will block
it.

MS was notified on 12 November 2001, and reminded on 25 March 2002, Sandblad
says. Apparently they're not as worried as the major anti-virus vendors. (R)