> ie shows me a page with the content 'mooh' and when i call
>
> about:alert('*plopp*');
>
> a small alert popps up and says me '*plopp*', so it seems, that i can
this is a local zone for ie if you can manage to script it then you could 0wn other
people without too much effort
-aditya
___
<[EMAIL PROTECTED]> wrote:
> about:alert('*plopp*');
> a small alert popps up and says me '*plopp*', so it seems, that i can
> inject any code i want.
Originally reported here:
http://www.doxdesk.com/personal/posts/bugtraq/20010819-ie.html
This was eventually fixed in IE6 SP1, after it was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>What version of ie are you running? Unable to verify this behaviour
>on 6.0.2800
i tested it at 6.0.2600 (windows-xp) and now tried it at 5.0.2614 (windows-
98), there it also works.
probably my ie isn't up to date .. this happens if you migrate to m
about:alert('*plopp*');
a small alert popps up and says me '*plopp*', so it seems, that i can
inject any code i want.
What version of ie are you running? Unable to verify this behaviour on
6.0.2800
btw: about:mozilla seems to be special .. it looks a bit strange ..
hehe, yes. try about:mo
