From: Alla Bezroutchko (alla_at_scanit.be)
Date: Thu Aug 22 2002 - 06:54:44 CDT
Quite a few browser vulnerabilities (BugTraq ID 5473 - Web Folders HTML
injection - being the latest) allow a web site to execute HTML code in the
"Local Computer" security zone. At least those bugs allow a web site to
read local files. My question is: is there anything else you can do with
this type of bug? Like running arbitrary commands?
Usually you have a piece of text of limited size that you can inject.
This rules out Java applets as far as I understand. Wscript.Shell
ActiveX control also seems to be a problem because IE shows a dialog box
saying something about unsafe ActiveX controls. So is there anything
else interesting one can do with cross-domain scripting?