Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: possible new "e-mail virus" concept ? + bypassing IE settings

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Thu, 18 May 2000 23:55:05 -0700

Jim Paris wrote:



This was not tested, but i think it might be possible to make a custom
HTTP server that thinks "/../../../../../../file.bat" (or maybe "c:\file.bat")
is valid, and when asked to send this file, it will not try to look in lower
dirs to find the file, but simply will upload the file to the client.

(I could use some %codes in the filename in the .html to scramble the dir and
fool I.E.)
That way, we might be able to save the temporary files in other dirs then
"the temporary internet files" folder.


That won't work.

-jim


Agreed.  Both IE and Netscape make up new filenames for things they cache,
and keep a separate index file for their real names.  I don't think
creative naming by the server is going to get things placed where you want
on the client disk.

I love the who idea in general though, if you can find a way to trick the
browser/user into executing the code.

                                        BB
Previous By Date Next
Previous By Thread Next

Current thread: