What do you think of this!
- Thread starter odin
- Start date
- Status
I am using IE6, and I don't see any pop up or directory of my hard disk.
I wonder just how much of an accident this was. It is an opening for MS to provide us with yet another oppurtunity for an upgrade? And with what else to go with the upgrade? Maybe yet another method to observe what it is that Joe Blow has on his computer? It seems to be of prime interest these days as to what, where, and how often you go places on the internet. Maybe this information is also up for sale.
Re: daktaklakpak
If the site needs script, all I need is look through the source code and load the web page the script eventually points to.
I don't think so. I have script, iframe and meta refresh turned off by default to all non-trusted sites.Originally posted by odin
You get the pop up window even if it can not see your C: drive.
So you had better pop back there!
If the site needs script, all I need is look through the source code and load the web page the script eventually points to.
Quite simply [f] and the others are right, it's not a major security flaw, it's perhaps a potential for the future but not one now.
Quite simply nothing is shown to the server at the site other than the information it can retrieve... Your IP number, ISP remote address.
As everyone has said, if you type File:///C|\ into your browser it will pull up your C drive, all the "hacker" has done is created an IFRAME which just pulls that up, infact I routed to the CODE after going through all the precautions the hacker placed down to stop people getting to it, and it's completely harmless.
Infact I'm going to put the very same code on here just to prove that it isn't dangerous.
<iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2></iframe>
Or without the Arrow brackets (replaced with ~):
~iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2~ ~/iframe~
Simple really.
Quite simply nothing is shown to the server at the site other than the information it can retrieve... Your IP number, ISP remote address.
As everyone has said, if you type File:///C|\ into your browser it will pull up your C drive, all the "hacker" has done is created an IFRAME which just pulls that up, infact I routed to the CODE after going through all the precautions the hacker placed down to stop people getting to it, and it's completely harmless.
Infact I'm going to put the very same code on here just to prove that it isn't dangerous.
<iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2></iframe>
Or without the Arrow brackets (replaced with ~):
~iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2~ ~/iframe~
Simple really.
OMG stryder! You hacked me!
I've seen this before, it's a fun trick to pull on people that know next to nothing about computers. My friend got pretty pissed off at me when I did this to him, to the point where he pulled the phone line out of the wall and phoned me up
I've seen this before, it's a fun trick to pull on people that know next to nothing about computers. My friend got pretty pissed off at me when I did this to him, to the point where he pulled the phone line out of the wall and phoned me up
- Status