-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6 Mar 2002 at 14:21, ruler wrote:
Date sent: Wed, 06 Mar 2002 14:21:12 -0500 From: ruler <[EMAIL PROTECTED]> Subject: Re: scary site To: [EMAIL PROTECTED] > There are also sites that will let you view all of your directory trees, > which a server could easily see all of your files. Which do you think is > more scary? I hope you're not thinking of the javascript file///c trick? The above is client side javascript. The files you see in the browser are not viewable from the remote web server. You could also use this: URL=file:///c|/autoexec.bat The clsid trick used on the website below is also on your end of the connection. As has been mentioned before, no-one has yet publicly shown a way to append arguments to the clsid string to allow an instance of the cmd.exe to execute said commands. Hope this alleviates your fears. Cheers, Brad > ----- Original Message ----- > From: "leon" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 05, 2002 12:30 PM > Subject: scary site > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > http://www.liquidwd.freeserve.co.uk/ > > > > > > Try it with a windows machine and IE with all patches. > > > > Be afraid be very afraid. > > > > FYI this is for all those people who are think that just having a > > firewall is enough. > > > > Guess what? > > > > This works through packet filter, stateful inspection and proxy > > servers. > > > > Cheers, > > > > Leon > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > > > iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t > > T73+xCv/VhrCGDVDIVrFBqZl > > =9gR6 > > -----END PGP SIGNATURE----- > > > - -- Brad Griffin Gryphonn Design Computer Security Solutions Custom designed systems Ph: 0409057865/(07)4922 2589 Rockhampton QLD 4700 ABN: 12 095 821 961 *************************** -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 -- QDPGP 2.65 Comment: Check ldap://europe.keys.pgp.com:11370 for public key. iQA/AwUBPIfgUw1FNrB3xRVMEQLT3wCfQM8jDepww0l2G8thdZSUcPf261IAn0cm iJ1NOPAgtE7vTFFTKQri9EJT =Ltpq -----END PGP SIGNATURE-----
