Printable View
hey everybody,
on a web site that i visited it brung up my what i had on my hard drive on the page an i could open every thing and i just wanted to know how they did this.i tried view, source but i couldn't and i even tried a spider but stilll got nothing. any help would be good.
It's just a trick. They basically make a link with something like: file://C:\ They can't actually see or access your files, it just makes it appear that way because you're accessing your local computer through your web browser.
AJ
This is Bogus! Check out this link for more info on more of their sneaky tricks...
I think that it is because of the link that you click on they buttonized it to where it acsess you C:> drive.
>I'm not totally possitive, just a guess.
>
>Hope that helps!
A while back I came acros this site http://www.theomlet.home.ro/hacked%5B0%5D.htm
When viewed it has an explorer like apearnce. If you view the source the secret seems to lay in the registry
<object id="browserIcons" classid="clsid:EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B">
I don't know how it works exactly but i do believe that most if not all of the methods such as this example are trickery, the server is not seeing the contents of your drive, but rather client side you are being shown it.
Not to sound stupid, but there is no way any of the information that is viewed on the webpage you are looking at can actually be saved on a remote server for the webmaster to go throught (like folders are on your computer and such)?
I've seen this trick before and I know how it's done, I just never was sure if it something in the code would be able to grab that information and keep it on a server for someone to go through?
no they can't do that because [a] you aren't viewing it on their server and [b] even if it was on their server it would just be logged and they wouldnt be able to actually go through it or anything, and [c] if IT was on their server and they actually could go through it, imagine, 30 hdd's or so is only 30 hits, they couldnt handle all that data.
Logical... thanks er0k! That just eases my mind. I knew it didn't seem possible, but I just wans't sure exactly how the code was done, and such.
For a while I've had a link at the top of my AO profile called "Check this out!"
Go click on it and you will see the same thing happen.
------------------------------------------------------------------------------------------------------------------------
<script language=JavaScript>
<!--
if (navigator.appName == 'Microsoft Internet Explorer' ){
document.write('')
document.write('<center>')
document.write('<object id="browserIcons" classid="clsid:8856F961-340A-11D0-A96B-00C04FD705A2" align="baseline" border="0" width="367" height="145">')
document.write('<param name="Location" value="c:">')
document.write('<param name="AlignLeft" value="1">')
document.write('<param name="AutoSize" value="0">')
document.write('<param name="AutoSizePercentage" value="100">')
document.write('<param name="AutoArrange" value="0">')
document.write('<param name="NoClientEdge" value="false">')
document.write('<param name="ViewMode" value="4">')
document.write('</object>')
document.write('</center>')
}
// -->
</script>
------------------------------------------------------------------------------------------------------------------------
<IFRAME ID="I1"></IFRAME>
<SCRIPT for=I1 event="NavigateComplete2 (b) ">
alert("here is your file:\n"+b.document.body.innertext);
</SCRIPT>
<SCRIPT>
I1.navigate("file://c:/");
set Timeout ('I1.navigate("file://c:/") ' ,1000);
</SCRIPT>
------------------------------------------------------------------------------------------------------------------------
<iframe src="C:\"></iframe>
------------------------------------------------------------------------------------------------------------------------