[Full-Disclosure] COELACANTH: After Math
To: <firstname.lastname@example.org> Date: Fri, 11 Jun 2004 14:17:37 -0000
There is a sneaking suspicion that you can put the site contents
in the so-called 'local zone' or 'my computer'.
Since it validates the 'front end' of the address and ends up at
the 'back end' this all would seem very similar to:
where Internet Explorer gets 'confused' by the url
mhtml:file://C:foo.mhtml! switches to the local zone as a
result of C:, stays there and passes through to the 'back end'
http://www.malware.com//bad.chm::/foo.html on the remote server
while in the 'local zone' and renders foo.html in there.
If this peculiar DNS setup also has a 'proper' chm file on it
the following should work [as it does on any server setup]:
now as above if we include in the 'front end':
It should see it as in C: and make its little 'zone'
determination first, then pass through to the 'back end'
and render foo.html in the 'local zone' even though it is on the
You'd have to tinker quite a bit:
Anyone have a server they care to setup?
-- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html