Full Disclosure mailing list archives
Re: Re: Internet Explorer and Opera local zone restriction bypass
From: jelmer <jkuperus () planet nl>
Date: Wed, 29 Oct 2003 17:20:08 +0100
I tried that and as I expected that doesn't work , it just prompts for download.if you redirect to that file I think your confused with the object-tag-in-localzone type of vulnerabilities we had a while back, you could execute programs without parameters with that. but thats nothing like this, or should I perhaps write *NOTHING LIKE THIS!!!* ? as you seem to prefer caps, This vulnerability only removes the restrictions that servicepack 1 brought, in disallowing access to local urls --jelmer ----- Original Message ----- From: "Bipin Gautam" <door_hUNT3R () blackcodemail com> To: <full-disclosure () lists netsys com> Sent: Wednesday, October 29, 2003 3:29 PM Subject: [Full-disclosure] Re: Internet Explorer and Opera local zone restriction bypass
try this ... its dam strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION file://c:\windows\system32\logoff.exe _____________________________________________________________ Secure mail ---> http://www.blackcode.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Internet Explorer and Opera local zone restriction bypass Thor Larholm (Oct 25)
- <Possible follow-ups>
- Re: Internet Explorer and Opera local zone restriction bypass Paul Szabo (Oct 25)
- Re: Internet Explorer and Opera local zone restriction bypass Bipin Gautam (Oct 29)
- Re: Internet Explorer and Opera local zone restriction bypass Bipin Gautam (Oct 29)
- Re: Re: Internet Explorer and Opera local zone restriction bypass fulldisc (Oct 29)
- Re: Re: Internet Explorer and Opera local zone restriction bypass jelmer (Oct 29)
- Re: Internet Explorer and Opera local zone restriction bypass Paul Szabo (Oct 30)
- RE: Internet Explorer and Opera local zone restriction bypass Paul Szabo (Oct 30)
- RE: Internet Explorer and Opera local zone restriction bypass Thor Larholm (Oct 30)
- Re: Internet Explorer and Opera local zone restriction bypass Valdis . Kletnieks (Oct 30)
- RE: Internet Explorer and Opera local zone restriction bypass Thor Larholm (Oct 30)
- RE: RE: Internet Explorer and Opera local zone restriction bypass Jerry Heidtke (Oct 30)