RE: internet explorer view-source url

From: aultl (aultlat_private)
Date: Wed Jun 12 2002 - 09:34:41 PDT

  • Next message: John C. Hennessy: "Re: internet explorer view-source url"

    view-source:file://c:/winnt/notepad.exe
    
    This will open notepad viewing notepad.exe on my system.
    
    I am running Win2k Pro sp2 + SRP1 and IE Version 6.0.2600.0000 
    
    Les
    
    
    -----Original Message-----
    From: Juan M. Courcoul [mailto:courcoulat_private] 
    Sent: Tuesday, June 11, 2002 6:44 PM
    To: vuln-devat_private
    Subject: Re: internet explorer view-source url
    
    Juan M. Courcoul wrote:
    
    > hellNbak wrote
    >> On Mon, 10 Jun 2002, John C. Hennessy wrote:
    >>
    >>> Perhaps its just me but I see this as a potential problem. From what
    
    >>> I can
    >>> tell all versions of internet explorer 4 and above allow view-source
    
    >>> urls.
    >>>
    >>> view-source:http://www.news.com
    >>
    >> I think it might be just you as doing a view-source:///boot.ini will 
    >> show you the LOCAL boot.ini.  So, if I was a malicous web master, 
    >> unless I can get some sort of code to execute this doesn't help me
    all 
    >> that much.
    > 
    > Tried both formats for the view-source URLs with the following
    results:
    > 
    > Windows 2000 Professional SP2+all current patches
    > Internet Explorer 5.50.4807.2300
    >    view-source:http:... works, sort of. Page gets fetched, and
    displayed
    >                         using Notepad, not the main browser window.
    > 
    >    view-source:///local file  does not work. Nothing is ever
    displayed.
    
    Several co-subscribers have kindly pointed out that the proper format
    is:
    
        view-source:file://c:/temp/somefile.txt
    
    This does work, sometimes. On my machine, this gets the file opened in 
    the preferred application for that suffix (Notepad in this case) iff the
    
    file is visible and you have appropiate permissions. Now if we could get
    
    COMMAND.COM (Win9x) or its Win2k kindred to open an executable, THEN we 
    could have some wicked fun, else like hellNback pointed out, it's just a
    
    mildly interesting bit of IE trivia.
    
    JMC
    



    This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 09:52:32 PDT