Bugtraq mailing list archives

RE: HELP ! : Trojanised HTML: Internet Explorer 5 and 6 [technical exercise]


From: Thor Larholm <Thor () jubii dk>
Date: Fri, 8 Feb 2002 09:56:15 +0100

<snip http-equiv>

Nice.

Now, you really don't need those hardcoded Win98 vs Win2K paths, there are
several vulnerabilities that allow you to determine whether local
files/paths exist or not (and read them, should you feel like it).

There's a small list on http://jscript.dk/unpatched/ of the vulnerabilities
that remain unpatched in IE6 with all patches installed. Most have been
publicly known for 1½ months so far. The GetObject and XMLHTTP bugs should be
your first choice in local path detection, and the codebase localpath should
be your currently most feared.

I hate making lists like these, as they tend to indulge the culturally
impaired (script kiddies) to use the examples. It does, however, help in
putting pressure on those that need to provide patches (MS).

Before complaining about the short(?) list, keep in mind that the above is
only a list of publicized vulnerabilities that remain unpatched - not a list
of all IE vulnerabilities (detailing that would seem to be a full-time job).
If I forgot to mention a vulnerability or two that remain unpatched, forgive
me or write me.


Regards
Thor Larholm
Jubii A/S - Internet Programmer

