| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jkuperus at planet.nl (jelmer) Subject: Re: Internet Explorer and Opera local zone restriction bypass I tried that and as I expected that doesn't work , it just prompts for download.if you redirect to that file I think your confused with the object-tag-in-localzone type of vulnerabilities we had a while back, you could execute programs without parameters with that. but thats nothing like this, or should I perhaps write *NOTHING LIKE THIS!!!* ? as you seem to prefer caps, This vulnerability only removes the restrictions that servicepack 1 brought, in disallowing access to local urls --jelmer ----- Original Message ----- From: "Bipin Gautam" <door_hUNT3R@...ckcodemail.com> To: <full-disclosure@...ts.netsys.com> Sent: Wednesday, October 29, 2003 3:29 PM Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone restriction bypass > try this ... > > its dam strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION > > file://c:\windows\system32\logoff.exe > > > > _____________________________________________________________ > Secure mail ---> http://www.blackcode.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists