[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
From: theindigowolf@xxxxxxxxx
Date: Thu, 20 Nov 2008 16:30:15 +0000

Does that also hold true if you use a javascript/java applet to deliver the URL 
rather than just placing it in a text link?
------Original Message------
From: psy.echo@xxxxxxxxx
Sender: 
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Sent: Nov 19, 2008 5:59 PM

Hi Peter,

Apropos File URI scheme, if you are saying about accessing a file with 
something like file://abcd... in a link, 'over a network', then most of the 
browsers (perhaps all) do not follow "file:" links on a page that is fetched 
with "HTTP". The purpose is "security" or to prevent a remote page from 
executing a program on the visitor's computer. 

The file: links work on pages that are local files on the user's disk! Though 
in some browsers these settings can be changed. That is why the Opera exploit 
through file://abcd.... does not work on network.

Hope it answers your query!

--
Thanks & Regards,
Rishi Narang | Security Researcher
Member, Evil Fingers
Vulnerability Research Analyst, Third Brigade Labs
Blog: www.greyhat.in | Associations: www.evilfingers.com | www.thirdbrigade.com

.... eschew obfuscation, espouse elucidation.

Sent via BlackBerry by AT&T

Prev by Date: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
Next by Date: Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Previous by thread: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Next by thread: Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Index(es):
- Date
- Thread