| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: giocasati at interfree.it (Komrade) Subject: shell:windows command question >> On Wed, 7 Jul 2004, Perrymon, Josh L. wrote: >> >> >> >>> -----snip------ >>> center><br><br><img src="nocigar.gif"></center> >>> <center> >>> <a href="shell:windows\snakeoil.txt">who goes there</a></center> <iframe >>> src="http://windowsupdate.microsoft.com%2F.http- >>> equiv.dyndns.org/~http-equiv/b*llsh*t.html" style="display:none"> >>> [customise as you see fit] >>> <http://www.malware.com/stockpump.html> >>> ------end---------- >>> The code above has interest to me. >>> Even in Mozilla the commands below will work. >>> <a href=shell:windows\\system32\\calc.exe>1</a> >>> <a href=shell:windows\system32\calc.exe>2</a> >>> <a href=shell:windows\system32\winver.exe>4</a> >>> Just save them to an .html file and run it. >>> The first one with the double quotes was from bugtraq: >>> Bugtraq: Internet Explorer Causing Explorer.exe - Null Pointer Crash >>> <http://seclists.org/lists/bugtraq/2004/Mar/0188.html> >>> The links below that will run calc as well as winver. >>> It seems it calls windows as a virtual dir because c:\winxp is what I >>> have. >>> I have been playing around to see if cmd.exe will work with it but >>> without >>> luck. >>> This is what is in the registry. >>> HKEY_CLASSES_ROOT\Shell >>> Look in the registry key above. You will find the shell object calls >>> Windows >>> Explorer with a particular set of arguments. >>> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L >>> So this is tied to explorer.exe. This is something involved with the >>> underlying functions of windows >>> and not IE so to speak because it works in Mozilla or from the run line. >>> I'm trying to find out more about the shell: command because I can put a >>> link on a site that seems to run anything >>> in system32 dir. I'd like to see if you can pass parameters to it. >>> >>> Anyone give me more info on the shell:windows command? >>> JP >>> I found an odd behaviour in my mozilla browser, when i try to execute this link: <a href=shell:nofile.xul>click here</a> (.xul file is a Mozilla XUL Document) When i click on the link, i see many mozilla windows opening and consuming 100% of the CPU. The system became unstable, forcing me to disconnect from my login. I have Mozilla 1.7b and Windows XP sp0. This is not a real security matter, but it's quite annoying. - Komrade - - http://unsecure.altervista.org -
Powered by blists - more mailing lists