Why is a raven like a writing desk? IE8 plain/text MIME Type or Media Type Issues

P/S: This might not be a new issue at all (But I documented it so I won’t forget or at least know where to look )

 from Alice in Wonderland

My life have it ups and downs . But last week was quite interesting,  I was fortunate enough to be given a  chance to conduct some lightning/bizzare art of  penetration testing technique at a prestigious organization that can block PornHub.


During my class on pwning a Win7 box I noticed that IE8 have some bizzare behaviour MIME type intepreation behaviour.

On a plain/text Mime IE8  will CSS Javascript Input under CompatabileView Mode. (Default mode).

Well dat just sucks right?

POC.

Dat was expected. plain/text Mime was interpreted correctly.

Now on IE8

I trip and spray

 Can we steal cookies?

Solution?

1. Disable Compatible View if you are not a developer..

2. Upgrade to the latest IE

3. Don`t use IE at all

Sumber: http://y0nd13.blogspot.com

Tweet