February 20th, 2002, 07:53 AM
Demo link (execute a program on a remote machine)
Sorry if this is posted in the wrong forum, can't find the right one...
This little demonstration could happen, but not in demo mode, to ye I guess.
How does one protect oneself from this? Seems a little bit scary to a newbie like me...
February 20th, 2002, 04:23 PM
Manually editing your config files can break them. If this happens, you get to keep both pieces.
February 20th, 2002, 04:30 PM
Hmm... here is an idea... It worked for me on that page.
Disable scripting in IE, or set it to prompt you to run a script...
February 20th, 2002, 04:46 PM
OK... I admit, it is a pain in the ass to have scripting set to prompt.
Simply replying to this thread after setting scripting to prompt forced me to click OK 5 times...
And I suspect it would not work at all if you disabled scripting entirely.
Perhaps a different browser might work...
Netscape perhaps... or
I think that the main problem with scripting in IE is that IE is Windows for all intents and purposes. So, scripts have access to core operating system commands by interfacing with IE.
I could be wrong... maybe all browsers have a similar problem with scripting in Windows...
February 20th, 2002, 06:04 PM
My IE6 prompts for scripts, says they are probably safe to run, ta-dah! Command shell.
Opera 6 doesn't ask, doesn't run it.
February 20th, 2002, 08:27 PM
Heh, for once I'm glad I'm still stuck with 95; it did sweet FA even though I'm running IE 5.5.
This script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME).
February 20th, 2002, 08:38 PM
This shows the vulnerabilities of Windows, but there is a simple way to fix this exploit... And all it takes is 7 simple characters... Boot into DOS and type in 'format C:'. Problem solved.
February 20th, 2002, 09:20 PM
Set prompt for scripting for the "Internet" zone, then add this site to your "Trusted" zone. Do the same with sites you trust, and *poof*, the problem goes away...