Vulnerability Development: RE: help:// protocol in Windows XP Prof

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: help:// protocol in Windows XP Prof

From: Tyler Durden <fadingreality414 () yahoo com>
Date: Thu, 8 Jul 2004 19:32:36 -0700 (PDT)

Very clever. Heres what I would do:

Combine that lovely help protocol with some cross site
scripting....say...some part of some security site
(believe me, i've found way more then one XSS vulns in
security sites). Then, hex encode the end part of the
URL. Make the window that pops up 1x1 pixels in size.
Enjoi.

--Oedipus


--- "Calderon, Juan Carlos (GE Commercial Finance,
NonGE)" <juan.calderon () ge com> wrote:

<.a href="javascript:loadWin()"
title="help://www.product.com/help"

onmouseover="window.status='help://www.product.com/help';return

true" onmouseout="window.status='';return true">

just my two cents

-----Original Message-----
From: Jordan Cole (stilist)
[mailto:stilist () gmail com]
Sent: Wednesday, July 07, 2004 8:13 PM
To: Bartosz Kwitkowski
Cc: vuln-dev () securityfocus com
Subject: Re: help:// protocol in Windows XP Prof

If you could get it to work in a link, it would make
for a good
exploit... "Click here to read the help file for
this application."
Have that link to a malware-enabled website or
something similar, and
you've got another unsuspecting user infected.

On the other hand, you could just create a link that
/appears/ to be
pointing to a help:// url...

<.html>
<.head>
<.script language='javascript1.2'>
function loadWin(){
window.open('http://www.google.com/','Help for
[product]','resizable=yes,width=500,height=400,
top=10, left=10');
}
<./script>
<./head>
<.body>
<.a href="javascript:loadWin()"
title="help://www.product.com/help">Read the help
file</a>
<./body>
<./html>

I tried to make the statusbar reflect the apparent
help:// url, but
couldn't remember how (despite a quick google).

While it's unlikely most users would even notice the
help:// part,
those who do would simply assume it's some weird
thing like ftp://...
they don't know what it does, but it apparently
works.

-- 

[stlst]




        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

By Date By Thread

Current thread:

Re: help:// protocol in Windows XP Prof, (continued)
- Re: help:// protocol in Windows XP Prof pingywon MCSE (Jul 12)
  - Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 12)
- Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 08)
- RE: help:// protocol in Windows XP Prof Weltha, Nick [ADM] (Jul 08)
- RE: help:// protocol in Windows XP Prof Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jul 08)
  - RE: help:// protocol in Windows XP Prof Tyler Durden (Jul 09)
  - RE: help:// protocol in Windows XP Prof Rocky Heckman (Jul 09)