mysecPremium
join:2005-11-29
kudos:4
4 edits | reply to Doctor Four
Re: Malvertisement on MSNBC.com using clipboard (copy/paste)Thanks for the link.
Meanwhile, a search around the internet reveals that various codes for this "feature" or "exploit" have been around for a long time.
As a "feature" people put code into their web pages with buttons to activate the copy/paste. Or to auto-copy text in a form.
As an "exploit" where you force something to be copied to the clipboard, here is one I found for IE5/6:
<script>
// Place your text in a variable
var strMyText = "some test text";
// Copy to clipboard
window.clipboardData.setData( "Text", strMyText );
</script>
I tried it even with that feature disabled in Options as mentioned by therube  or even if Scripting is disabled, but it works anyway. I might not be doing something right in Options -- I don't know IE that well.
As far as exploiting other browsers -- unfortunately no one in the Mac forum kept the URL for the offending page, and theories ranged from Java and Flash to Ajax as being able to write continuously to the clipboard, forcing the user to reboot to clear the clipboard.
By the way - what do you suppose was copied to the clipboard of the Mac user mentioned on the Apple forum? If you guessed the WinAntiVirus2009 freescan site URL, you win a prize!
EDIT:
Here is a site which tests IE for capturing your last clipboard entry. The code is different, and the paste fails if I have scripting disabled, or "Allow paste operations via script" disabled.
»www.sourcecodesworld.com/special···oard.asp
|
