Vulnerability Development mailing list archives
RE: Shell:
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Fri, 9 Jul 2004 08:42:14 +0300
I tested this in Firefox 0.9.1, and strangely it fires-up my hex editor with given application. And in IE (Win2003) if I run it by myself it executes calc.exe or any other exe in any place with shell and directory traversal. But when I try to link it from a webpage it doesn't work my computer zone or internet zone it opens file download dialog box. Ferruh.Mavituna http://ferruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc
-----Original Message----- From: Perrymon, Josh L. [mailto:PerrymonJ () bek com] Sent: Thursday, July 08, 2004 6:41 PM To: vuln-dev () securityfocus com Subject: Shell: What do you think about this in Mozilla OR IE? shell:windows\system32\cmd.exe I can't seem to pass any variables to it though because it bombs but my syntax may be incorrect. Joshua Perrymon Sr. Network Security Consultant PGP Fingerprint 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021 **********CONFIDENTIALITY NOTICE********** The information contained in this e-mail may be proprietary and/or privileged and is intended for the sole use of the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, any review, copying or distribution of this e-mail and its attachments, if any, is prohibited. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete this message from your system.
Current thread:
- Shell: Perrymon, Josh L. (Jul 08)
- Re: Shell: steve johnson (Jul 08)
- Re: Shell: mike (Jul 09)
- Re: Shell: Seth Chromick (Jul 09)
- RE: Shell: Ferruh Mavituna (Jul 09)
- <Possible follow-ups>
- RE: Shell: Perrymon, Josh L. (Jul 09)
- Re: Shell: steve johnson (Jul 08)