I am doing pentest for some company and about to use IE public exploit to take over a client. I need to run html including IE exploit , with an iFrame, but I can’t run the iFrame in windows 7 properly. the exploit dosen’t properly works, even it didn’t crash in windows 7 with iFrame. I dont know what’s the problem. for example in this code
"test.html" is IE public exploit(CVE-2014-1770) including javascript code & Heapspray.
the exploit link is: https://github.com/wchen-r7/metasploit-framework/commit/49551013cce106a4bd6a3477319e1d3466c615bb .
the exact code works without Iframe but when I load it from an iframe, it doesn’t work as it should in windows 7 & crashing in windows xp. I change this for windows 7 manually.
Curious if you had similar experience with IE exploits and iframe and any idea why this happen and how to fix the issue ?
Related
GWT is used and the application is deployed on WebLogic using HTTPS.
The performance is poor and with F12 Developer Tools, we could see that blank.html is downloaded multiple times. This is clearly related to GWT but we have not been able to figure out why.
The following is from javascript:
defineSeed(2613, 2614, makeCastMap([Q$BaseModelData, Q$ModelData, Q$Theme, Q$Serializable]), Slate_0);
var SLATE;
function $clinit_GXT(){
$clinit_GXT = nullMethod;
IMAGES = new XImages_generatedBundle_0;
MESSAGES = new XMessages__0;
SSL_SECURE_URL = getModuleBaseURL() + 'blank.html';
}
This is from GWT.java:
/**
* URL to a blank file used by GXT when in secure mode for iframe src to
* prevent the IE insecure content. Default value is 'blank.html'.
*/
public static String SSL_SECURE_URL = GWT.getModuleBaseURL() + "blank.html";
Does anyone know under what circumstances blank.html is called?
Thanks!
This is from GWT.java:
This is actually from GXT.java.
This is used in a few cases when creating an <iframe> element, so that IE won't give errors if your site is hosted from SSL. I can actually only find one case (as of GXT 3.1.1) which uses this, in Layer.java. Only IE pages loaded from https urls will make use of this.
The Layer class uses this as a "shim", a way to prop up some DOM elements above overs, and work around some browser bugs (typically plugin or iframe related). Menus and popup dialogs use this to ensure that they don't appear "underneath" content that they should be "above".
This file is very small - just enough HTML to convince IE than the iframe has correctly loaded, and no more. It never changes, and should load nearly instantly.
As far as performance goes, this should only happen when a Menu or Window/Dialog/Tooltip is shown - these shouldn't be happening on app startup usually, at least not more than a window or two. Additionally, the browser should recognize that it is loading the same element and cache it correctly, and not load it multiple times (though it might be listed several times as hitting the cache). If the server has instructed the browser to never cache the file, that is something you should look at changing.
In short, this is very unlikely to be the cause of any performance issues, at least in GXT itself. If somehow you have the shim enabled on every single widget in your project, this should not be required. If the file is loading slowly, something may be very wrong with your server configuration.
For reference, here is the entire file:
<html></html>
My webstart runs fine whenever there is internet connection. It also runs fine when I disconnect from wifi. But it does not work if my computer is connected to public wifi (ie. coffeeshop, airport, etc) such that if I open a browser it forwards me to a html page that asks me to click on a button to connect to internet.
Basically Java webstart thinks that the html welcome page is the new update to my jnlp file so it replaces my jnlp with the welcome page html. Of course that will fail to parse, so I get a parse error and I cannot recover from it unless I completely remove my webstart application from cache and re-download and re-install it.
Has anyone else experienced this? Is there a way to prevent this issue?
I submitted a bug report to OpenJDK:
https://bugs.openjdk.java.net/browse/JDK-8079874
Unfortunately it's marked as incomplete. Evidently I wasn't clear about what the problem is. I'll try to get in touch with them to see which part is not clear.
I recently upgraded my application to GWT 2.7 from GWT 2.5. This has caused me to drop support for IE6 and IE7.
I would like to provide users with IE6 or IE7 with a warning that their browser is outdated and will not work. At the moment if you go to the app with one of those browsers, you get a blank screen.
I know there are a couple ways that I could hack something together but I would rather use the GWT way, rather than some hack. Is there a GWT hook for unsupported browsers?
Option (hack) One
Drop this into my main.html:
if(document.documentMode === 6 || document.documentMode === 7){
myUnsupportedBrowserWarningFunction();
}
Potential problem with this is that if someone is using a browser that GWT doesn't recognise and I don't recognise (mobile opera? Some other browser), they will still get a blank page.
Option (hack) Two
GWT looks for the compiled JS here:
gwt/myApp/ASDFKLSDJFLSFDJSLDFJLSJDFSDES.cache.js
When someone is using an unsupported browser the following is requested (and is not found):
gwt/myApp/undefined.cache.js
It would be possible to create undefined.cache.js and put your unsupported browser code there. This is obviously a brittle solution and will break with future GWT updates.
Option Three
A recent patch (available in GWT 2.7) allows you to provide a default
permutation (e.g. safari) if GWT can not detect the browser and with
deferred binding you can display a warning that the provided app might not
work correctly as the browser is generally unsupported by GWT.
-- J.
Source
I don't want to set a default permutation for unsupported browsers. I want the site to not work and to display a warning. So this solution doesn't really provide what I am looking for.
Similar Questions & Posts
The same question was asked for an eariler version of GWT in 2009. I hope that GWT has added some kind of hook or best practice in the last 6 years.
More info on setting a default (fallback) permutation
You should be able to use onLoadErrorFn for that: https://code.google.com/p/google-web-toolkit/issues/detail?id=8135
<script>
function gwtLoadError(errMsg) {
// GWT app couldn't load, reason in errorMsg
}
</script>
<meta name="gwt:onLoadErrorFn" content="gwtLoadError">
or possibly onPropertyErrorFn:
<script>
function gwtPropError(propName, allowedValues, actualValue) {
if (propName == 'user.agent') {
// unsupported browser
}
}
</script>
<meta name="gwt:onPropertyErrorFn" content="gwtPropError">
(I don't think user.agent.runtimeWarning would help in this case, but maybe have a look)
There is an easy way:
Conditional Comments
<!--[if lt IE 8]>
<p>You are using an unsupportet browser. Please perform an update</p>
<![endif]-->
I think Option 3 may be the best one, but there is a problem: This will start the actual application (which still may be incompatible).
If this is an issue and you want a clear warning, you can rewrite the permutation selection script (You would need to update the script with the upcoming GWT releases)
You will need to copy this source:
https://gwt.googlesource.com/gwt/+/2.7.0/user/src/com/google/gwt/useragent/rebind/UserAgentPropertyGenerator.java
You could add something like:
$wnd.Location.replace('nosupported.html');
between line 90 and 91
First off, I apologize if it's considered poor etiquette to cross-post on stackexchange sites, but this seemed appropriate for both the webmasters site and here, as it's a common issue for webmaster, but may be able to be solved by coders. In any case, here goes...
OK, so this seems like a really simple problem, but I have yet to find a solution that accomplishes the following:
Opens the link in a new window
Tracks the event in GA when using the asynchronous code
Doesn't trigger pop-up blockers (uses target="_blank" instead of window.open)
Most of the code I've seen, including Google's, doesn't take into account the case of opening in a new window - they just use window location.href.
Even GAAddons (http://gaaddons.com/), which charges for commercial use, seems to not manage opening in new windows properly.
Perhaps, I'm missing something simple - I'd be relieved if so and would thank profusely whoever points it out to me!
If no one is able to provide an example, I'll post some of the test cases I've created to illustrate the problem.
Thanks.
[EDIT] I've since tested the GAAddons code more throughly and have found it to work. I'm guessing the problem that was being reported earlier by a client using Chrome 7 on Windows was more likely a configuration issue than something related to the GAAddons library itself.
You put it in the link's onclick attribute:
some link
The method I've found to satisfy all the requirements I've mentioned is the one found here:
http://cutfromthenorth.com/add-external-link-tracking-with-jquery-and-google-analytics/
It's actually quite simple, leading me to think that there was some other reason why other code wasn't working in earlier tests.
However, I can confirm that the method that's mentioned in the comments on this Google page - http://www.google.com/support/googleanalytics/bin/answer.py?hl=en&answer=55527 - does not meet the above requirements (new windows trigger popup warning on Chrome and IE).
The Google code does work for tracking external links not opened in a new window.
here's the snippet:
$('a[target=_blank]').click(function(){
try{
_gaq.push(['_trackEvent', 'External Links', 'Click', $(this).attr('href')]);
} catch(err) {}
return true;
});
I've tested on the following browsers:
PC:
IE 6 - 9
Firefox 3.6, 4.0
Chrome 9, 10
Safari 5
Opera 11
Mac:
Safari 5
Chrome 10
Firefox 3.6, 4.0
Also tested on iPhone 4 and the native Android browser on Gingerbread
I have 5 users (3 locations) using the pages that have Tiny_MCE text areas.
I receive No Errors and it works Perfectly on the other 4 machines running IE7 This would indicate there is No JavaScript Errors.
One user only is seeing the raw html code and no buttons at all.
I suspect it must be some IE setting that is wrong.
It does not appear that Javascript is disabled, as other Javascript functions work on that same site on the same machine in IE.
This user is running XP Pro, and IE 7.
When I installed FireFox on his machine, the Tiny_MCE works perfectly. This would Also indicate there is No JavaScript Errors.
I'm at a loss to explain it.
Any Ideas would be appreciated.
Thanks
Once I ran into same issue and the fix was to remove a comma at the end of the script. So check whether the error pattern is present in your code.
For example, the following code contains a bug which will prevent it from running in IE7.
tinyMCE.init({
// General options
mode: "textareas",
theme: "advanced",
...
template_replace_values: {
username: "Some User",
staffid: "991234"
}, // <<< BUG - Additional comma here
});
If you can enable javascript debugging in IE7 then post the js error here.
Funny thing. The problem fixed itself with no human assistance. No Reboot, No Nothing. after being AFU for 2 weeks, it just started working again.
Got to Love Windows!
I've encountered this before and it has always been a caching issue. Use Ctrl-F5 in IE to force a full refresh of the page and all its files (*.css, *.js) in the browser and the browser cache. My guess is the IE 7 computer that was bad had a 14 day setting for checking if files were up to date.
Sometimes it's been worse - the web server (tomcat 5.5) would cache the file too and not notice the file was updated. Restarting the web server fixed that.
We are experiencing the same problem with our software last few months.
I found this forum topic on developer's website:
http://tinymce.moxiecode.com/punbb/viewtopic.php?pid=66594
In short words, he is recommending to set strict_loading_mode to true when initializing tinymce. I've done that, and since that i had no problems.