Bugtraq: Re: Possible new cross zone scripting in IE

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Possible new cross zone scripting in IE

From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 10 Feb 2004 17:28:30 -0000



 <!--

Cheng Peng Su Wrote:

<a href="shell:My Music" 

 -->

Excellent ! The revival of the Pull's shell game: 

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]


The following on this so-called Microsoft Windows XP machine:

Control Panel 
Administrative Tools 
Cache 
CD Burning 
Cookies
Desktop
Favorites
Fonts 
History 
Application Data 
Local Settings 
My Music 
My Pictures 
My Video 
NetHood 
Personal [my documents] 
PrintHood 
Programs 
Recent 
SendTo 
Start Menu 
Startup 
Templates

http://www.malware.com/shell.game.html

"Cache" can be very interesting


-- 
http://www.malware.com

By Date By Thread

Current thread:

Possible new cross zone scripting in IE Cheng Peng Su (Feb 10)
- <Possible follow-ups>
- Re: Possible new cross zone scripting in IE http-equiv () excite com (Feb 10)