[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031031003221.32119.qmail@sf-www2-symnsj.securityfocus.com>
Date: 31 Oct 2003 00:32:21 -0000
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: bugtraq@...urityfocus.com
Subject: Redirection and refresh parses local file
Redirection and refresh parses local file
("that's all" is the end of file if you are in a hurry)
[tested]
OS:WinXp
Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30
[demo]
http://www.safecenter.net/UMBRELLAWEBV4/IredirNrefresh/IredirNrefresh-MyPage.htm
[exp]
if an iframe whose SRC points to a CGI redirecting to a local URL, location of the iframe will be equal to the local URL. then, refreshing the iframe OR refreshing the top window will make the local URL be parsed.
that's all.
the first post about this issue is
http://www.securityfocus.com/archive/1/342317
then Thor Larholm wrote it's the 3 slashes after "file:" that make IE accept the HTTP redirection.
( http://pivx.com/larholm/list/pivx.10.24.macromediaflashcookies.txt )
actually, that's not the key point. "file://", "file:///" and "[DriveLetter]:\[...]" are okay.
it's added to "Unpatched IE Bugs" list at http://continue.to/trie
[people]
greetings to:
the Pull, dror, guninski and mkill.
thanks to:
http://www.leox.com/
-----
all mentioned resources can always be found at UMBRELLA.MX.TC
Powered by blists - more mailing lists