Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shockwave Security Alert

From: joefish () TRINET COM (Joseph Fish)
Date: Fri, 14 Mar 1997 10:49:13 -0500

At 1:01 AM -0600 3/14/97, Aleph One wrote:

http://www.webcomics.com/shockwave/


                          SHOCKWAVE SECURITY ALERT



  AKA :: How to use Shockwave to read people's Netscape email!

  10-Mar-97 --- reported by: David de Vitry


Cool!

The method of getting the e-mail from Netscape is using a command issued to
Netscape via the mailbox: command. This is possible to do in Java as well.
Shockwave's getNetText will not get text from your local drive by itself.

For instance, I cannot get your autoexec.bat file even though I know the
absolute path to it. This is because it is not in a mailbox file accessible
via the mailbox command in Netscape.

Try typing mailbox: in your URL location and pressing return.

You can also type in: javascript: and press return to access a javascript
test thing.

Or news: to open the news window.

Wheeeeee.....


________________________________________________
Joseph Fish                           "If I could, I would have a
General Manager,               direct connection to my brain"
Internet Services
TriNet Services, Inc.                     919-833-2247  x233
URL: http://www.trinet.com/         joefish () trinet com
________________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: