[CrackMonkey] On <script> exploits

Jason Sopko jason at sopko.net
Sun Apr 30 18:42:55 PDT 2000


I know that Verio blocked routes to your domain due to you having
'malicious code' on your website. Just as a thought, you can go to most
search engines and search for a <script> tag, whereupon it will execute
the script. It won't work with google.com, but it does work with directhit.com and
lycos.com. Saying that, you could email a link to someone and have
lycos.com 'execute malicious code' on their machine. Such as
http://www.lycos.com/srch/?lpv=1&loc=searchhp&query=%3Cscript%3Ewindow.external.ImportExportFavorites%280%2C%22c%3A%5C%5Cwinnt%5C%5Csystem32%5C%5Cntoskrnl.exe%22%29%3B%3C%2Fscript%3E&x=52&y=17
- or other various scripts. I don't know if this was discovered before,
but I found it amusing.

///Jason
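
The message above describes a results page that writes the decoded query parameter back into its HTML without encoding it. As an added example (not part of the original post; the function names, page markup and sample URL are constructed for illustration), here is that echo next to the output-encoded version a site should serve:

```javascript
// Added example, not from the original post. The page markup, function names
// and SAMPLE_URL are constructed; only the "query" parameter name comes from
// the URL quoted in the message.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Extract the search term; searchParams.get() percent-decodes it, which is
// exactly the step that turns %3Cscript%3E back into a live tag.
function queryFrom(requestUrl) {
  return new URL(requestUrl).searchParams.get('query') || '';
}

// Behaviour described in the post: the decoded term is pasted in as-is,
// so any markup in it becomes part of the page served from the search site.
function renderUnsafe(requestUrl) {
  const q = queryFrom(requestUrl);
  return `<h1>Results for ${q}</h1><input name="query" value="${q}">`;
}

// Hardened form: encode at the point of output, for both the text node
// and the quoted attribute value.
function renderSafe(requestUrl) {
  const q = escapeHtml(queryFrom(requestUrl));
  return `<h1>Results for ${q}</h1><input name="query" value="${q}">`;
}

// Constructed sample request carrying a harmless script in the query.
const SAMPLE_URL =
  'http://search.example/srch/?query=' +
  '%3Cscript%3Edocument.title%3D%22injected%22%3B%3C%2Fscript%3E&x=52&y=17';

console.log('unsafe:', renderUnsafe(SAMPLE_URL));
console.log('safe:  ', renderSafe(SAMPLE_URL));
```

The encoding has to happen where the value is written into the page; filtering the incoming URL for `<script>` alone leaves the attribute context open.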






