Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible new cross zone scripting in IE

From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 10 Feb 2004 17:36:42 -0000


 <!--

Cheng Peng Su Wrote:

<a href="shell:My Music" 

 -->

Excellent ! The revival of the Pull's shell game: 

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]


The following on this so-called Microsoft Windows XP machine:

Control Panel 
Administrative Tools 
Cache 
CD Burning 
Cookies
Desktop
Favorites
Fonts 
History 
Application Data 
Local Settings 
My Music 
My Pictures 
My Video 
NetHood 
Personal [my documents] 
PrintHood 
Programs 
Recent 
SendTo 
Start Menu 
Startup 
Templates

http://www.malware.com/shell.game.html

"Cache" can be very interesting 

<img dynsrc="malware.exe">
<a href="shell:Cache\malware.exe">Cache</a>

needs to be worked on...


-- 
http://www.malware.com






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: