Message-ID: <001401c39e38$852334a0$3200000a@pluto>
From: jkuperus at planet.nl (jelmer)
Subject: Re: Internet Explorer and Opera local zone
 restriction bypass

I tried that and, as I expected, that doesn't work; it just prompts for
download if you redirect to that file.

I think you're confused with the object-tag-in-localzone type of
vulnerabilities we had a while back; you could execute programs without
parameters with that. But that's nothing like this, or should I perhaps write
*NOTHING LIKE THIS!!!*, as you seem to prefer caps? This vulnerability only
removes the restrictions that Service Pack 1 brought in disallowing access
to local URLs.

--jelmer



----- Original Message ----- 
From: "Bipin Gautam" <door_hUNT3R@...ckcodemail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone
restriction bypass


> try this ...
>
> it's damn strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
> file://c:\windows\system32\logoff.exe
>
>

