?

Log in

No account? Create an account
Jazzy
jazzyreturns
.:::..::.::. .. .::: ....::. .:: ..:.:
November 2012
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30

Jazzy [userpic]
Naughty Microsoft

Found a nasty little XSS (Cross Site Scripting) bug on Microsoft's MSDN website earlier. It allows a user to control the main frame, which could be quite handy to someone when used with a little social engineering.
Anyway, I won't go into too much detail as they have yet to fix it (working with them now), so I'll just post a couple of screen I took. In these I have hosted a modified MS webpage on a personal server and simply edited with a meta-refresh and link pointing to MS07-042.exe. Obviously this could also be replaced with an MPack iframe or similar.


With Frame



Without Frame

Current Mood: geeky