When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

IE Back button flaw

Neowin · with -1 comments

Thanks Tai and RaINE for the heads up.

IE allows urls containing the javascript protocol in the history list. Code injected in the url will operate in the same zone/domain as the last url viewed. The javascript url can be set to trigger when a user presses the backbutton.

The normal behaviour when a page fails to load is to press the backbutton. The error page shown by IE is operating in the local computer zone (res://C:WINNTSystem32shdoclc.dll/dnserror.htm# on Win2000). Thus, we can execute code and read local files.

This has been tested in Windows 2000/XP environment with Internet Explorer 6.0 fully patched. There is no patch available for this yet.

News source: BugTraq Archive

View: BugTraq - Using the backbutton in IE is dangerous

Report a problem with article
Next Article

Updated: Internetrix beta sign-up

Previous Article

Photoshop 7.0 Scripting plug-in

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment