Vulnerability Development mailing list archives
Windows 2000 SP4 + IE (fully patched) - restrictions bypass
From: Bartosz Kwitkowski <bartosz () wb pl>
Date: 2 Nov 2004 01:31:31 -0000
Windows 2000 SP4 + IE (fully patched) - restrictions bypass Restrictions for example: - disabled protocols (ftp://,file://,news://,...); - you can't view computers in your network, and you can't explore their resources Bypass it :-)... open your browser (IE) and type: javascript:window.open('\\\\\\\\\\{computer name,or IP, or URL}\\{resource, for example D$}') Windows changes those \\\... into file:// and restrictions are useless :-). ex.: javascript:window.open('\\\\\\\\\\10.9.9.1\\D$') and you if you know pass you can log in or download a file :-). Regards, Bartosz Kwitkowski
Current thread:
- Windows 2000 SP4 + IE (fully patched) - restrictions bypass Bartosz Kwitkowski (Nov 02)