Home page logo
/

bugtraq logo Bugtraq mailing list archives

Minor IE System Info Disclosure
From: dzzie () yahoo com
Date: Sun, 4 Nov 2001 16:11:22 -0600


I just stumbled across this the other day when i was playing... a remote
server can poll a surfers computer and determin some applications they
have installed by trying a load an image with the file:// protocol.

if the file is found on disk the javascript onload event fires..if not
the onerror event fires..

http://geocities.com/dzzie/sys_snoop1.html


you can also check out the remote system by setting an iframe src=file://
to common paths to txt or xml files..if they are found they will raise
the onload event (oddly enough .html extension wont raise event)

http://geocities.com/dzzie/sys_snoop2.html










  By Date           By Thread  

Current thread:
  • Minor IE System Info Disclosure dzzie (Nov 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]