Vulnerability Development mailing list archives
Re: IE Save as feature & Security zones - curious question
From: "Pauli Ojanpera" <pauli_ojanpera () hotmail com>
Date: Fri, 10 Aug 2001 16:19:19 +0300
I'm sorry I don't test these by myself but I have too lousy computer access here. As far as I can see, the zone preservation is achieved by tagging all stored HTML pages at the top of the file. How about if you link a page through an image tag? The page gets stored on local hard drive unmodified (if my tests are valid and the behavior stays same independant if youre online/offline (I were offline that is :)). Then you only have to open that page using Javascript or IFRAME or META Refresh. With Javascript you can also check if the page really is local (document.location) so you wont raise any alarm if it isn't. <IMG SRC="attack.html"> ----Original Message Follows---- From: "Justin Myers" <sysop0130 () hotmail com> To: pauli_ojanpera () hotmail com Subject: Re: IE Save as feature & Security zones - curious question Date: Thu, 09 Aug 2001 19:24:36 -0500I just tried it on IE 5.5 and the saved file had the same permissions as it did on the remote server.
HTH! ------- "It doesn't matter if I burn my bridges behind me; I never retreat." -Fiorello LaGuardia _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Current thread:
- IE Save as feature & Security zones - curious question Pauli Ojanpera (Aug 09)
- Re: IE Save as feature & Security zones - curious question dove (Aug 10)
- Re: IE Save as feature & Security zones - curious question Fab Siciliano (Aug 17)
- <Possible follow-ups>
- Re: IE Save as feature & Security zones - curious question Pauli Ojanpera (Aug 10)
- Re: IE Save as feature & Security zones - curious question Pauli Ojanpera (Aug 10)
- Re: IE Save as feature & Security zones - curious question dove (Aug 10)