[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Internet Explorer and Opera local zone restriction bypass



I tried  that  and as I expected that doesn't work , it just prompts for
download.if you redirect to that file

I think your confused with the object-tag-in-localzone type of
vulnerabilities we had a while back, you could execute programs without
parameters with that. but thats nothing like this, or should I perhaps write
*NOTHING LIKE THIS!!!* ? as you seem to prefer caps, This vulnerability only
removes the restrictions that servicepack 1 brought,  in disallowing access
to local urls

--jelmer



----- Original Message ----- 
From: "Bipin Gautam" <door_hUNT3R@blackcodemail.com>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone
restriction bypass


> try this ...
>
> its dam strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
> file://c:\windows\system32\logoff.exe
>
>
>
> _____________________________________________________________
> Secure mail ---> http://www.blackcode.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html