Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

From: <theindigowolf_at_gmail.com>
Date: Thu, 20 Nov 2008 16:30:15 +0000

Does that also hold true if you use a javascript/java applet to deliver the URL rather than just placing it in a text link?
------Original Message------
From: psy.echo_at_gmail.com
Sender:
To: bugtraq_at_securityfocus.com
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Sent: Nov 19, 2008 5:59 PM

Hi Peter,

Apropos File URI scheme, if you are saying about accessing a file with something like file://abcd... in a link, 'over a network', then most of the browsers (perhaps all) do not follow "file:" links on a page that is fetched with "HTTP". The purpose is "security" or to prevent a remote page from executing a program on the visitor's computer.

The file: links work on pages that are local files on the user's disk! Though in some browsers these settings can be changed. That is why the Opera exploit through file://abcd.... does not work on network.

Hope it answers your query!

--
Thanks & Regards,
Rishi Narang | Security Researcher
Member, Evil Fingers
Vulnerability Research Analyst, Third Brigade Labs
Blog: www.greyhat.in | Associations: www.evilfingers.com | www.thirdbrigade.com

.... eschew obfuscation, espouse elucidation.


Sent via BlackBerry by AT&T
Received on Nov 20 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]