[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081119225925.16556.qmail@securityfocus.com>
Date: 19 Nov 2008 22:59:25 -0000
From: psy.echo@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Hi Peter,
Apropos File URI scheme, if you are saying about accessing a file with something like file://abcd... in a link, 'over a network', then most of the browsers (perhaps all) do not follow "file:" links on a page that is fetched with "HTTP". The purpose is "security" or to prevent a remote page from executing a program on the visitor's computer.
The file: links work on pages that are local files on the user's disk! Though in some browsers these settings can be changed. That is why the Opera exploit through file://abcd.... does not work on network.
Hope it answers your query!
--
Thanks & Regards,
Rishi Narang | Security Researcher
Member, Evil Fingers
Vulnerability Research Analyst, Third Brigade Labs
Blog: www.greyhat.in | Associations: www.evilfingers.com | www.thirdbrigade.com
... eschew obfuscation, espouse elucidation.
Powered by blists - more mailing lists