Full Disclosure mailing list archives
Re: Possible new cross zone scripting in IE
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 10 Feb 2004 17:36:42 -0000
<!-- Cheng Peng Su Wrote: <a href="shell:My Music" --> Excellent ! The revival of the Pull's shell game: "directoryInfo.html", ie the "file://::{CLSID}" [see: http://www.securityfocus.com/bid/3867/] The following on this so-called Microsoft Windows XP machine: Control Panel Administrative Tools Cache CD Burning Cookies Desktop Favorites Fonts History Application Data Local Settings My Music My Pictures My Video NetHood Personal [my documents] PrintHood Programs Recent SendTo Start Menu Startup Templates http://www.malware.com/shell.game.html "Cache" can be very interesting <img dynsrc="malware.exe"> <a href="shell:Cache\malware.exe">Cache</a> needs to be worked on... -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Possible new cross zone scripting in IE http-equiv () excite com (Feb 10)