Permision Denied For me xp full patched sp 1 ----- Original Message ----- From: <liudieyu@xxxxxxxxxxxxx> To: <bugtraq@xxxxxxxxxxxxxxxxx> Sent: Monday, June 21, 2004 4:35 AM Subject: IE/0DAY -> Insider Prototype > > > [tested] > Internet Explorer 6 SP1 running on Windows XP(Home Edition) Service Pack 1a > Updated on 2004/07/21 GMT+800 > > [intro] > "the-insider" exploit was first noticed by the-insider: > http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060050 > and then documented by jelmer: > http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060124 > http://62.131.86.111/analysis.htm > > [what is new] > the exploit is complicated. > > i just simplified the exploit and made a very small demo of the xss > vulnerability: > http://UMBRELLA.NAME/originalvuln/InsiderPrototype/demo.htm > i hope it helps those who are confused by tons of code there in the > exploit. > > the prototype is actually extremely simple - and cool. > > that's all. > > [request your comment on iebug.com] > btw, what do you think of iebug.com > http://iebug.com > ? > do you prefer just reading selected messages? > i can make iebug display selected messages only; i can enable all > visitors to vote for a message - or you have a better idea for > iebug.com? > > please comment on iebug.com and let me know. > > iebug.com: > ----- > Security and Vulnerability Discussion related to Internet Explorer, > Outlook, Java Virtual Machine and Windows Media Player found at > bugtraq, full-disclosure and microsoft security bulletin > > up-to-hour > ----- > > [ps] > have a nice day, > > greetingz fly to: the Pull and dror > and all real full-disclosure guys, especially: malware and jelmer > and at last,but not least, all guys who helped improving winblox, epecially: > mdc12 and morning_wood > for contributing their code - it's a shame that i got some goddamned exams in > the remaining june. > > i deleted all my email messages, please resend your email if i missed. > > liu die yu > http://umbrella.name/ > > >
