Vulnerability Development mailing list archives
internet explorer view-source url
From: "John C. Hennessy" <johnh () charm net>
Date: Mon, 10 Jun 2002 05:43:19 -0700
Perhaps it's just me, but I see this as a potential problem. From what I can tell, all versions of Internet Explorer 4 and above allow view-source URLs.

view-source:http://www.news.com

This opens Notepad or your default HTML editor with the source of the main page for news.com or any other site or page you specify.

Here's another one.

view-source:file:///boot.ini

This opens Notepad or your default HTML editor to the local boot.ini, if it exists.

This could potentially be embedded into various HTML tags, causing the instance of Notepad or other editor to be opened automatically. If the file specified does not exist, Notepad will ask to create it. If someone isn't paying attention, they could hit Enter and create the specified file.

John C. Hennessy
Information security analyst
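An added example, not part of the original post: a small Python scanner that flags HTML attributes whose value is a `view-source:` URL and reports the scheme it wraps, so that `file:` targets like the boot.ini case above stand out. The function names, the normalization rules, and the sample markup are assumptions constructed for this illustration.

```python
from html.parser import HTMLParser

# Whitespace and control characters dropped before matching the scheme
# (an assumption about lenient URL parsing, made for this example).
_IGNORED = {ord(c): None for c in "\t\r\n\x00 "}
PREFIX = "view-source:"


def classify(value):
    """Return None if value is not a view-source: URL, else the wrapped scheme ('' if none)."""
    compact = value.translate(_IGNORED).lower()
    if not compact.startswith(PREFIX):
        return None
    scheme, sep, _ = compact[len(PREFIX):].partition(":")
    return scheme if sep and scheme.isalnum() else ""


class ViewSourceFinder(HTMLParser):
    """Collects (line, tag, attribute, wrapped_scheme) for every view-source: attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in attribute values.
        for name, value in attrs:
            wrapped = classify(value) if value is not None else None
            if wrapped is not None:
                self.findings.append((self.getpos()[0], tag, name, wrapped))


def scan(html_text):
    finder = ViewSourceFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample markup, not taken from any real page.
SAMPLE = """<html><body>
<a href="http://www.news.com/">news</a>
<a href="view-source:http://www.news.com">source</a>
<iframe src="View-Source:file:///boot.ini"></iframe>
<img src="view-source&#58;file:///boot.ini">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, wrapped in scan(SAMPLE):
        print(f"line {line}: <{tag} {attr}> wraps scheme {wrapped or '(none)'}")
```

A mail gateway or web proxy filter could run `scan()` over inbound HTML and treat any finding that wraps `file` as higher priority than one that wraps `http`.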