Security Focus has provided exploit code to prove this concept, which I couldn't help but test and zippity-do-da... it worked!

Emailed to me by J. Stutsman
Whoa... here's a stunner! Do you use the Back button in your browser? Of course you do. Run IE 6.0, by chance? Believe it or not, Microsoft found a way to screw even that function up. As it turns out, JavaScript code can be set to trigger when you hit the Back button, but the code will execute in the previous page's "domain". For example, if some pinhead puts a link on his website to a non-existent page, IE fires off a DNS error page that loads through the Local Security Zone. When you hit the back button, the page you were just at executes the JavaScript code within the security domain of the Local Security Zone, and virtually any application can be launched from there because there's no security to stop it.
[sarcasm]
How could Microsoft let that one slip through?
[/sarcasm]
The potential for this one is quite high, so be mindful of when you use your Back button. IE 6.0 on Windows 2000 and XP has been proven to be affected, though other versions and operating systems are likely to also be flawed.
Peace.