Vulnerability Development mailing list archives
Re: Winnt/Win2k Vuln ?
From: Fab Siciliano <fsiciliano () optiumcorp com>
Date: Fri, 10 Aug 2001 21:46:47 -0400
How is this a vulnerability?I am still prompted to whether I want to save the file to disk, or run it from it's current location. The file just doesn't execute unless you want it to.
-Fab At 03:34 PM 8/10/2001, Kevin Gagel wrote:
You are incorrect. I am using win2k pro with sp2. I created a batch file and saved it to my desktop. It simply echoed hello. I renamed it to our web site with a .bat on the end. Then in IE addressbar I typed the www address of our web site and the batch file ran. "Rio Martin." wrote: > > I could confirm this, as long as you put executeable file in desktop, then > you will be able to open it. Extension .BAT wont run. Only .COM will run. > I also try to rename the file to www.somekind.org and it just showing "Open > With ..." window. > > Regards, > Rio Martin. > http://marsud.org/ > > _ > "Red Pantz" <redpantz () crackdealer com> wrote something like this: > > Hello all,> > I have found that if you name a file (can be any data file) a certain URL,> on your desktop, and then g0 to IE and type that url, the web site will not > come up, only the program that was named the certain.confusing? > > i.e. > > - copy autoexec.bat to ..\desktop > > - rename autoexec.bat to www.google.com (can be any url) > > - then go to IE and type "www.google.com" > > - your batch file is then ran > > a few issues i have w/ this is: > > - the prog will only run if it is on your desktop > > - if you type "http://www.google.com", for example > > it will not run(unless u name your file the same thing) > > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5 > > - it doesn't seem to have any privelage escalation (all progs are run as > the current user logged on) > > Just want a few others to try it and see wut they think > > thanx alot > > redpantz > > -- ============================= Kevin W. Gagel Network Administrator College of New Caledonia gagel () cnc bc ca (250)561-5848 loc. 448 =============================
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Fab Siciliano Networks and Security Tel - 215.712.6200 Ext. 312 Optium, Inc. "Break-Through Technology for Optical Transmission" http://www.optiumcorp.com :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Current thread:
- RE: Winnt/Win2k Vuln ?, (continued)
- RE: Winnt/Win2k Vuln ? Jeremy Rodriguez (Aug 10)
- Re: Winnt/Win2k Vuln ? Enrique A. CompaƱ Gzz. (Aug 10)
- RE: Winnt/Win2k Vuln ? Thomas Reagan (Aug 10)
- Re: Winnt/Win2k Vuln ? Thor (Aug 10)
- RE: Winnt/Win2k Vuln ? Thomas Reagan (Aug 10)
- Re: Winnt/Win2k Vuln ? Felipe Franciosi (Aug 10)
- Re: Winnt/Win2k Vuln ? sween (Aug 10)
- Re: Winnt/Win2k Vuln ? Vulnerability Development (Aug 10)
- Re: Winnt/Win2k Vuln ? Kaneda Akira (Aug 10)
- Re: Winnt/Win2k Vuln ? Rio Martin. (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Fab Siciliano (Aug 10)
- Re: Winnt/Win2k Vuln ? sween (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? J.D. Meek (Aug 10)
- Re: Winnt/Win2k Vuln ? Kaneda Akira (Aug 11)
- Re:Winnt/Win2k Vuln ? Thiago Campos (Aug 10)
- RE: Winnt/Win2k Vuln ? JKlemenc (Aug 10)
- Re: Winnt/Win2k Vuln ? martin . goudreault (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)