[Full-disclosure] Re: Window's O/S
From: Dave Korn (davek_throwaway_at_hotmail.com)
To: email@example.com Date: Thu, 24 Nov 2005 14:58:54 -0000
Marek Isalski wrote in news:firstname.lastname@example.org
>>> create an folder on deskop and name it as "notepad".
>>> open internet explorer > go to view > source code > this will open the
>>> contents of notepad folder....!!
>> Even better: rename any exe to notepad.exe ;)
> Is this IE being so stupid as to run with a CWD of Desktop and
> effectively doing a system("notepad")?
> That'd explain explorer opening up folders called Notepad, and .exe files
> being run. Bet it also works on MS Word documents (without a .doc
> extension, probably), and any other magically executable file...
> Certainly cmd.exe as notepad on the desktop suggests the CWD is your
> Desktop (so presumably IE's CWD is also Desktop).
Yep. You can't see that it's the cwd, but process explorer will show you
it has a handle to desktop open.
> Are there any other external apps IE is stupid enough to run without a
> full path prefix? That could be fun too! :-)
Dunno, but I'll tell you something I spotted the other day.
Copy calc.exe to the root of your C:\ drive, and rename it to
Fire up a recently-updated RealPlayer. Watch two instances of calc.exe
appear. Close RealPlayer again. Watch two more instances of calc.exe
Another un-quoted path with spaces in it. Phj33r!
-- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/