Deusen - insider3show - Patched

Deusen: This vulnerability has been patched.

An Internet Explorer vulnerability is shown here:
Content of can be changed by external domain.

How To Use
1. Close the popup window("confirm" dialog) after three seconds.
2. Click "Go".
3. After 7 seconds, "Hacked by Deusen" is actively injected into


Technical Details
Vulnerability: Universal Cross Site Scripting(XSS)
Impact: Same Origin Policy(SOP) is completely bypassed
Attack: Attackers can steal anything from another domain, and inject anything into another domain
Tested: Jan/29/2015 Internet Explorer 11 Windows 7

You can download which contains all files of proof-of-concept code, including PHP. Password of the ZIP file is "deusen".