Plebo Aesdi Nael

2 exploits Active since Jun 2006

CVE-2006-3280 EXPLOITDB html WORKING POC

Microsoft Internet Explorer 6.0 - Info Disclosure

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

View Code

CVE-2006-3281 EXPLOITDB WORKING POC

Microsoft Internet Explorer 6.0 - RCE

Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.

View Code