RE: Shell:

From: Ferruh Mavituna (ferruhmavituna.com)
Date: Fri Jul 09 2004 - 00:42:14 CDT


I tested this in Firefox 0.9.1, and strangely it fires up my hex editor with
the given application.

And in IE (Win2003) if I run it by myself it executes calc.exe or any other
exe in any place with shell and directory traversal.

But when I try to link it from a webpage it doesn't work: in the My Computer
zone or the Internet zone it opens the file download dialog box.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJbek.com]
> Sent: Thursday, July 08, 2004 6:41 PM
> To: vuln-devsecurityfocus.com
> Subject: Shell:
>
> What do you think about this in Mozilla OR IE?
>
> shell:windows\system32\cmd.exe
>
> I can't seem to pass any variables to it though because it bombs but my
> syntax may be incorrect.
>
>
>
> Joshua Perrymon
> Sr. Network Security Consultant
> PGP Fingerprint
> 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021
>
> **********CONFIDENTIALITY NOTICE**********
> The information contained in this e-mail may be proprietary and/or
> privileged and is intended for the sole use of the individual or
> organization named above. If you are not the intended recipient or an
> authorized representative of the intended recipient, any review, copying
> or distribution of this e-mail and its attachments, if any, is prohibited.
> If you have received this e-mail in error, please notify the sender
> immediately by return e-mail and delete this message from your system.
>
>
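
The thread turns on whether a shell: link embedded in a web page gets handed to the operating system. The following is an added example, not code from either poster: a Python audit that flags URL attributes in HTML whose scheme is outside an allowlist, normalising case, leading whitespace and embedded tabs the way browsers do before reading the scheme. The allowlist, the attribute set, the function names and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: local link policy
URL_ATTRS = {"href", "src", "action"}          # assumption: attributes to audit

_TAB_NEWLINE = re.compile(r"[\t\r\n]")          # browsers drop these anywhere in a URL
_LEADING = "".join(map(chr, range(0x21)))      # C0 controls and space, stripped at the start
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

def url_scheme(value):
    """Return the lower-cased scheme of a URL attribute value, or None if relative."""
    cleaned = _TAB_NEWLINE.sub("", value).lstrip(_LEADING)
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else None

class LinkAudit(HTMLParser):
    """Collects (line, tag, scheme, raw value) for every disallowed scheme."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:  # names arrive lower-cased, values entity-decoded
            if name in URL_ATTRS and value:
                scheme = url_scheme(value)
                if scheme is not None and scheme not in ALLOWED_SCHEMES:
                    self.findings.append((line, tag, scheme, value))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the string from the thread plus case, whitespace and
# character-reference variants that a naive startswith("shell:") check would miss.
SAMPLE = r"""<p><a href="https://example.org/">allowed</a>
<a href="/relative/path">allowed</a>
<a href="shell:windows\system32\cmd.exe">flagged</a>
<a href=" SHELL:windows\system32\cmd.exe">flagged</a>
<a href="sh&#9;ell:windows\system32\cmd.exe">flagged</a></p>"""

if __name__ == "__main__":
    for line, tag, scheme, value in audit(SAMPLE):
        print(f"line {line}: <{tag}> uses disallowed scheme {scheme!r}: {value!r}")
```
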