[Full-Disclosure] internet-explorer: bug or feature?

[Andrew Clover]

<ko5 at hush.com> wrote:

 >   about:<script>alert('*plopp*');</script>

 > a small alert popps up and says me '*plopp*', so it seems, that i can
 > inject any code i want.

Originally reported here:

   http://www.doxdesk.com/personal/posts/bugtraq/20010819-ie.html

This was eventually fixed in IE6 SP1, after it was discovered that due 
to a parsing error this could be abused to execute in the security 
context of any target domain.

 > i am not sure if its what the 'about:'-construct is for

It was just another random pointless feature. IE has a lot of these. 
Sometimes they prove a security liability and very occasionally they get 
removed, but no-one seems to have thought of not including them in the 
first place.

-- 
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/