lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 Feb 2004 17:28:30 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: Re: Possible new cross zone scripting in IE




 <!--

Cheng Peng Su Wrote:

<a href="shell:My Music" 

 -->

Excellent ! The revival of the Pull's shell game: 

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]


The following on this so-called Microsoft Windows XP machine:

Control Panel 
Administrative Tools 
Cache 
CD Burning 
Cookies
Desktop
Favorites
Fonts 
History 
Application Data 
Local Settings 
My Music 
My Pictures 
My Video 
NetHood 
Personal [my documents] 
PrintHood 
Programs 
Recent 
SendTo 
Start Menu 
Startup 
Templates

http://www.malware.com/shell.game.html

"Cache" can be very interesting


-- 
http://www.malware.com






Powered by blists - more mailing lists