Vulnerability Development mailing list archives
Re: Netscape forms using standard windows controls
From: dreynol () COLUMBUS RR COM (Derek Reynolds)
Date: Sun, 21 May 2000 13:09:03 -0400
Hello No, IE and Outlook use a COM interface. Its not an "Inside Technology". -- Best regards, Derek mailto:dreynol () columbus rr com Sunday, May 21, 2000, 5:52:39 AM, you wrote: NU> This cannot be new - but I just found out. My intention was to write an automatic form filler (if you have to know 4 sure: to check all nailnews items wiv one click). Forms displayed in netscape NU> for Win32 use standard windows controls. If you do an EnumChildWindows() on a form, you will get all kinds of Button Edit fields. NU> IE doesnt do this. You can check out by yourself by pointing Spy++ at IE while its displaying a form: there is just one window that you will find, namely "Internet Explorer_Server". This looks NU> like another one of those "inside technologys" M$ uses to annoy competitors - those things sure look like standard controls, but they arent. Anyone know just what they do ? Same in Outlook, btw. NU> Back to NS: you can easily subclass a window, say, a password edit field - no big deal. If NS reads the form data, it will read the contents of the window. So, forms filling can be done but you NU> can do all kinds of nasty things, too: such as sending the pwd somewhere else, or (if you want to make someones life miserably), garble the contents so that all login attempts to secure sites NU> will fail. NU> Workarounds: I dont know of any safe way to prevent running windows from being seen by EnumChildWindows() - other than the said M$ code - the first (and crucial step) if you want to remotely NU> subclass a window.
Current thread:
- Re: reverse engineer c or java, (continued)
- Re: reverse engineer c or java phazer (May 20)
- Re: reverse engineer c or java Warner Losh (May 21)
- Re: reverse engineer c or java Liviu Daia (May 22)
- String checking with PHP Arturo Busleiman (May 24)
- Re: String checking with PHP Joe (May 24)
- Re: String checking with PHP Arturo Busleiman (May 24)
- Why not a changeling? Daniel Petzen (May 20)
- Re: Why not a changeling? Bluefish (May 20)
- Re: Why not a changeling? Daniel Petzen (May 20)
- Netscape forms using standard windows controls No User (May 21)
- Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
- Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
- Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
- Re: Why not a changeling? Bluefish (May 21)
- TopLayer layer 7 switch Advisory User nawk (May 20)
- Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)
- Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
- Re: UPDATE on possible new "e-mail virus" concept ? Jon Williams (May 20)