
Bugtraq mailing list archives
Re: Force Feeding
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Sat, 24 Jun 2000 17:58:53 -0700
At 01:00 PM 6/24/00 -0700, http-equiv () excite com wrote:

> Create two sets of html messages:
> (a) one comprising the file to be delivered:
> <frameset rows="10%,*"> <frame src="refresh.bat" > </frameset>

I tried this one day with David Litchfield, and the file he sent ended up in one of the temporary internet files folders. These are randomly named, so this will tend to defuse any subsequent steps. If someone else gets different results, I'd be interested in hearing about it.

> the file is delivered to the temp folder.

One work-around for this that I have long advocated is making the temporary internet folders and the temp folders non-executable.

> Through the false link, they are then forced to open the attached *.url which points to the C:\WINDOWS\TEMP\ where the delivered file waits.

This is Win9x specific, and although you can generally count on NT 4.0 having a c:\temp, Win2k has per-user temp directories, which complicate this somewhat, and neither c:\temp nor c:\windows\temp normally exist.

David LeBlanc
dleblanc () mindspring com
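
One way to apply the non-executable temp folder work-around from the message above on an NTFS volume, as an added example that is not part of the original message. The directory list, the choice of the Everyone SID (S-1-1-0) as trustee and the use of PowerShell are assumptions; FAT volumes, as used by Win9x, have no ACLs to set.

```powershell
# Added example: place a file-only "deny execute" ACE on temp-style directories.
# Assumptions: NTFS volume, the two directories below, Everyone (S-1-1-0) as trustee.
$dirs = @(
    $env:TEMP,                                        # per-user temp directory
    [Environment]::GetFolderPath('InternetCache')     # Temporary Internet Files
) | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) }

$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# ObjectInherit + InheritOnly: the ACE is inherited by files below the
# directory, while the directory itself stays traversable.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $dir -AclObject $acl

    # Re-read the ACL and confirm the deny ACE is really there.
    $present = (Get-Acl -LiteralPath $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ($_.FileSystemRights -band
            [System.Security.AccessControl.FileSystemRights]::ExecuteFile) -and
        $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-1-0'
    }
    '{0}: deny-execute ACE {1}' -f $dir, $(if ($present) { 'present' } else { 'MISSING' })
}
```

Installers and updaters that unpack and launch programs from the temp directory will fail under this ACE, so test it against the software in use before deploying it widely.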