Monday, May 12, 2008

Ghosts for IE8 and IE7.5730

Here's a new version of the last post code for hijacking IE6 and IE7 iframes.

Aparently some versions of IE where fixed, (the code didnt worked for 40% of the people), so after downloading the newest IE7, I kept researching and found another issue.

Sample PoC Here.

This time the code will open a new window (, it will hijack one of the iframes, and capture keystrokes.

It's the same idea as last time, but bypassing a weird protection.