lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200407101642.i6AGg3Oe016346@web180.megawebservers.com> From: 1 at malware.com (http-equiv@...ite.com) Subject: What about M$ in the shell: race <!-- Every bit of real testing I've seen shows this is not a real vulnerability in IE. --> surely you jest. It is the Key to the Kingdom. To quote the original finder, way back in June of 2003: "allows remote attacker to traverse "Shell Folders" directories. A remote attacker is able to gain access to the path of the % USERPROFILE% folder without guessing a target user name by this vulnerability." shell:desktop "C:\Documents and Settings\%USERNAME%\Desktop" Perhaps you missed these "real" tests: http://poc.homedns.org/execute.htm http://62.131.86.111/security/idiots/malware2k/installer.htm or maybe you didn't. -- http://www.malware.com