mailing list archives
Minor IE System Info Disclosure
From: dzzie () yahoo com
Date: Sun, 4 Nov 2001 16:11:22 -0600
I just stumbled across this the other day when i was playing... a remote
server can poll a surfers computer and determin some applications they
have installed by trying a load an image with the file:// protocol.
the onerror event fires..
you can also check out the remote system by setting an iframe src=file://
to common paths to txt or xml files..if they are found they will raise
the onload event (oddly enough .html extension wont raise event)
- Minor IE System Info Disclosure dzzie (Nov 05)