mailing list archives
Brand New Hole: Internet Explorer: HijackClick 3
From: "http-equiv () excite com" <1 () malware com>
Date: Mon, 12 Jul 2004 19:13:12 -0000
Paul has posted a tantilizing demonstration to bugtraq today.
This Internet Explorer sure provides hours of free
entertainment. Let's install and run executable code on the
target computers for the hell of it. Paul's beautiful demo
tweaked as described below to do just that.
Microsoft just disabled those functions from
being called when the mouse button is down and called it
patched. No more hijackclick,
This is absolutely fantastic Paul, with a patented double-click
of the mouse we can remotely take over the target's computer:
Just substitute as follows:
1. <img src="greyhat.html" id=anch
('youlickit.gif');cursor:hand" title="click me!"></a>
Someone was querying the other day whether shell in Internet
Explorer poses a problem [despite repeated demonstrations].
Pah ! Probably not.
Quick and Dirty Working Demo:
Full-Disclosure - We believe in it.
- Brand New Hole: Internet Explorer: HijackClick 3 http-equiv () excite com (Jul 12)