Vulnerability Development mailing list archives
Re: possible new "e-mail virus" concept ? + bypassing IE settings
From: jim () JTAN COM (Jim Paris)
Date: Fri, 19 May 2000 02:42:13 -0400
This was not tested, but i think it might be possible to make a custom HTTP server that thinks "/../../../../../../file.bat" (or maybe "c:\file.bat") is valid, and when asked to send this file, it will not try to look in lower dirs to find the file, but simply will upload the file to the client. (I could use some %codes in the filename in the .html to scramble the dir and fool I.E.) That way, we might be able to save the temporary files in other dirs then "the temporary internet files" folder.
That won't work. -jim
Current thread:
- possible new "e-mail virus" concept ? + bypassing IE settings Zoa_Chien (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Jim Paris (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings A.T.Z. (May 19)
- chsh Segfault on FreeBSD 3.3 Fabio Pietrosanti (May 19)
- reverse engineer c or java kj (May 19)
- Re: reverse engineer c or java John Swensson (May 20)
- Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER SMILER (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Blue Boar (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Stuart Henderson (May 22)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: reverse engineer c or java za () boo ma fu (May 20)
- Outlook, HTML & VBS Joerg Weber (May 21)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Jim Paris (May 18)