RE: Shell:

From: Ferruh Mavituna (ferruh_at_mavituna.com)
Date: 07/09/04

  • Next message: Rocky Heckman: "RE: help:// protocol in Windows XP Prof"
    To: "'Perrymon, Josh L.'" <PerrymonJ@bek.com>, <vuln-dev@securityfocus.com>
    Date: Fri, 9 Jul 2004 08:42:14 +0300
    
    

    I tested this in Firefox 0.9.1, and strangely it fires-up my hex editor with
    given application.

    And in IE (Win2003) if I run it by myself it executes calc.exe or any other
    exe in any place with shell and directory traversal.

    But when I try to link it from a webpage it doesn't work my computer zone or
    internet zone it opens file download dialog box.

    Ferruh.Mavituna
    http://ferruh.mavituna.com
    PGPKey : http://ferruh.mavituna.com/PGPKey.asc

    > -----Original Message-----
    > From: Perrymon, Josh L. [mailto:PerrymonJ@bek.com]
    > Sent: Thursday, July 08, 2004 6:41 PM
    > To: vuln-dev@securityfocus.com
    > Subject: Shell:
    >
    > What do you think about this in Mozilla OR IE?
    >
    > shell:windows\system32\cmd.exe
    >
    > I can't seem to pass any variables to it though because it bombs but my
    > syntax may be incorrect.
    >
    >
    >
    > Joshua Perrymon
    > Sr. Network Security Consultant
    > PGP Fingerprint
    > 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021
    >
    > **********CONFIDENTIALITY NOTICE**********
    > The information contained in this e-mail may be proprietary and/or
    > privileged and is intended for the sole use of the individual or
    > organization named above. If you are not the intended recipient or an
    > authorized representative of the intended recipient, any review, copying
    > or distribution of this e-mail and its attachments, if any, is prohibited.
    > If you have received this e-mail in error, please notify the sender
    > immediately by return e-mail and delete this message from your system.
    >
    >


  • Next message: Rocky Heckman: "RE: help:// protocol in Windows XP Prof"