[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: Internet Explorer and Opera local zone restriction bypass
- To: door_hUNT3R@blackcodemail.com, full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Re: Internet Explorer and Opera local zone restriction bypass
- From: jelmer <jkuperus@planet.nl>
- Date: Wed, 29 Oct 2003 17:20:08 +0100
I tried that and as I expected that doesn't work , it just prompts for
download.if you redirect to that file
I think your confused with the object-tag-in-localzone type of
vulnerabilities we had a while back, you could execute programs without
parameters with that. but thats nothing like this, or should I perhaps write
*NOTHING LIKE THIS!!!* ? as you seem to prefer caps, This vulnerability only
removes the restrictions that servicepack 1 brought, in disallowing access
to local urls
--jelmer
----- Original Message -----
From: "Bipin Gautam" <door_hUNT3R@blackcodemail.com>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone
restriction bypass
> try this ...
>
> its dam strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
> file://c:\windows\system32\logoff.exe
>
>
>
> _____________________________________________________________
> Secure mail ---> http://www.blackcode.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html