Full Disclosure mailing list archives
Re: Internet Explorer drag&drop 0day
From: Markus <full-disclosure () sandman za net>
Date: Tue, 14 Feb 2006 08:43:03 +0200
Hi Thierry Zoller,

I have a couple of problems/questions regarding your web-site:

On the Secure-It details page [ http://www.sniff-em.com/secureit.shtml ] under the heading "Do you have a demonstration ?", both links to the demo "exploit" are dead.
[ http://www.freewebs.com/shreddersub7/htm.htm ]
[ http://www.freewebs.com/shreddersub7/htm.htm%20 ]

My primary concern however is the method chosen to open those links. I assume in an attempt to hide the target url you meant to use the *onclick* javascript event, or even the *onmousedown* or *onmouseup*, but surely not the *onmouseover*!

You are aware that your current chosen method would have launched your exploit on the machine of a prospective customer, without so much as a click's worth of their consent, had the links worked and by some small miracle they had disabled pop-up blocking etc.

I do wish you the best of luck in your ventures. Your products appear both useful and interesting. Please give your web designer a whack on the side of the head though.

Regards
Markus
Gadi Evron wrote:

Dear Gadi Evron,
Just a note Users of Secure-it were already protected against this as it blocks the shell.explorer interface since 2005:
http://www.sniff-em.com [Freeware]

Cool. Thanks. That's the most polite and non-evasive commercial plug-in I've seen in a while! :)

I mean that!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer drag&drop 0day Gadi Evron (Feb 13)
- Re: Internet Explorer drag&drop 0day Thierry Zoller (Feb 13)
- Re: Internet Explorer drag&drop 0day Shyaam (Feb 13)
- Re: Internet Explorer drag&drop 0day Valdis . Kletnieks (Feb 13)
- Re: Internet Explorer drag&drop 0day Gadi Evron (Feb 13)
- Re: Internet Explorer drag&drop 0day Shyaam (Feb 13)
- <Possible follow-ups>
- Re: Internet Explorer drag&drop 0day Markus (Feb 13)
- Re[2]: Internet Explorer drag&drop 0day Thierry Zoller (Feb 14)
- Re: Internet Explorer drag&drop 0day Markus (Feb 15)
- Re[2]: Internet Explorer drag&drop 0day Thierry Zoller (Feb 16)
- Re: Internet Explorer drag&drop 0day Markus (Feb 16)
- Re: Internet Explorer drag&drop 0day Thierry Zoller (Feb 13)