Demo link (execute a program on a remote machine )

[Patteman]

Sorry if this is posted in the wrong forum, can't find the right one...

http://www.liquidwd.freeserve.co.uk/

This little demonstration could happen, but not in demo mode, to ye i guess.
How do one protect one self from this ? Seems a little bit scary to a newbie like me...

P-man

[jcdux]

run *nix

[IchNiSan]

hmm.. here is an idea... It worked for me on that page.

Disable scripting in IE or, set it to prompt you to run a script...

[IchNiSan]

ok.. I admit, it is a pain in the ass to have scripting set to prompt.

Simply to reply to this thread after setting scripting to promt forced me to click ok 5 times...

And I suspect it would not work at all if you disabled scripting entirely.

Perhaps a different browser might work...

Netscape perhaps... or

Opera

http://www.opera.com/

I think that the main problem with scripting in IE is that IE is windows for all intents and purposes. So, scripts have access to core operating system commands by interfacing with IE.

I could be wrong... maybe all browsers have a similar problem with scripting in windows..

IchNiSan

[Tedob1]

FYI:

my ie6 prompts for scripts, says they are probably safe to run, ta dah! command shell.

opera 6 dosn't ask, dosn't run it

[valhallen]

this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME).

heh for once am glad am still stuck with 95 did sweet fa even tho am running IE 5.5

v_Ln

[ac1dsp3ctrum]

This shows the vulnerabilities of Windows, but there is a simple way to fix this exploit.... And all it takes is 7 simple characters..... Boot into DOS and type in 'format C:' problem solved

[8*B@LL]

set prompt for scripting for the "internet" zone, then add this site to your "trusted" zone. do the same with sites you trust. and *poof* problem goes away...