Bugtraq mailing list archives
Minor IE System Info Disclosure
From: dzzie () yahoo com
Date: Sun, 4 Nov 2001 16:11:22 -0600
I just stumbled across this the other day when i was playing... a remote server can poll a surfers computer and determin some applications they have installed by trying a load an image with the file:// protocol. if the file is found on disk the javascript onload event fires..if not the onerror event fires.. http://geocities.com/dzzie/sys_snoop1.html you can also check out the remote system by setting an iframe src=file:// to common paths to txt or xml files..if they are found they will raise the onload event (oddly enough .html extension wont raise event) http://geocities.com/dzzie/sys_snoop2.html
Current thread:
- Minor IE System Info Disclosure dzzie (Nov 04)