Full Disclosure mailing list archives

Re: Re: Internet Explorer and Opera local zone restriction bypass


From: jelmer <jkuperus () planet nl>
Date: Wed, 29 Oct 2003 17:20:08 +0100

I tried that and, as I expected, that doesn't work; it just prompts for
download if you redirect to that file.

I think you're confused with the object-tag-in-localzone type of
vulnerabilities we had a while back; you could execute programs without
parameters with that. But that's nothing like this, or should I perhaps write
*NOTHING LIKE THIS!!!*, as you seem to prefer caps? This vulnerability only
removes the restrictions that Service Pack 1 brought in disallowing access
to local URLs.

--jelmer



----- Original Message ----- 
From: "Bipin Gautam" <door_hUNT3R () blackcodemail com>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-disclosure] Re: Internet Explorer and Opera local zone
restriction bypass


Try this ...

It's damn strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION

file://c:\windows\system32\logoff.exe



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
