Full Disclosure mailing list archives
Re: Re: Window's O/S
From: Gilles DEMARTY <gilles.demarty () gmail com>
Date: Thu, 24 Nov 2005 17:40:22 +0100
hi list,

you can work around this 'problem' and protect yourself against an intruder, by patching your registry file (do it at your own risk :) ):

HKLM\SOFTWARE\Microsoft\Internet Explorer\View Source Editor\Editor Name

and set the default key to 'c:\windows\notepad.exe' (or any editor you wanna use, providing the full path).

Gilles

2005/11/24, Dave Korn <davek_throwaway () hotmail com>:
> Marek Isalski wrote in news:s385b72e.070 () mail smuht nwest nhs uk
>
> create a folder on desktop and name it as "notepad". open internet explorer > go to view > source code > this will open the contents of notepad folder....!!
>
> Even better: rename any exe to notepad.exe ;)
>
> Is this IE being so stupid as to run with a CWD of Desktop and effectively doing a system("notepad")?
>
> Yep.
>
> That'd explain explorer opening up folders called Notepad, and .exe files being run. Bet it also works on MS Word documents (without a .doc extension, probably), and any other magically executable file... Certainly cmd.exe as notepad on the desktop suggests the CWD is your Desktop (so presumably IE's CWD is also Desktop).
>
> Yep. You can't see that it's the cwd, but process explorer will show you it has a handle to desktop open.
>
> Are there any other external apps IE is stupid enough to run without a full path prefix? That could be fun too! :-)
>
> Dunno, but I'll tell you something I spotted the other day. Copy calc.exe to the root of your C:\ drive, and rename it to "Program.exe". Fire up a recently-updated RealPlayer. Watch two instances of calc.exe appear. Close RealPlayer again. Watch two more instances of calc.exe appear. Another un-quoted path with spaces in it. Phj33r!
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
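An added example, not part of the original thread: a small Python audit for the two launch patterns discussed above, a helper named without a full path ("notepad") and an unquoted path containing spaces ("Program.exe"). The function names and the `Example App` path are constructed for illustration; the candidate order follows the documented CreateProcess rule for unquoted command lines.

```python
import ntpath  # Windows path rules; importable on any OS


def launch_candidates(command):
    """Image paths in the order an unquoted command line would be tried.

    Rule: cut the string at each space and append ".exe" when the piece has
    no extension. Stopping at the first piece that already carries an
    extension is a heuristic for "this is the intended image".
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end] if end > 0 else cmd[1:]]
    tokens = cmd.split()
    out = []
    for i in range(1, len(tokens) + 1):
        piece = " ".join(tokens[:i])
        if ntpath.splitext(piece)[1]:
            out.append(piece)
            break
        out.append(piece + ".exe")
    return out


def audit(command):
    """Return the findings for one configured launch command."""
    cands = launch_candidates(command)
    if not cands:
        return ["empty"]
    findings = []
    if not ntpath.isabs(cands[-1]):
        findings.append("no-full-path")     # resolved by search, CWD included
    if len(cands) > 1:
        findings.append("unquoted-spaces")  # earlier candidates win if present
    return findings or ["ok"]


# Constructed sample values; only the first two strings come from the thread.
SAMPLES = [
    "notepad",
    r"c:\windows\notepad.exe",
    r"C:\Program Files\Example App\player.exe -play",
    r'"C:\Program Files\Example App\player.exe" -play',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} {audit(s)} {launch_candidates(s)}")
```

Feed it the command strings you find in registry values such as the View Source Editor key above; anything other than `ok` should be rewritten as a quoted full path.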