RE: internet explorer view-source url

From: chris carey (securityat_private)
Date: Wed Jun 12 2002 - 14:00:52 PDT

Next message: Mark Rowe: "Re: wireless woes in the triangle and beyond!"

Previous message: John C. Hennessy: "Re: internet explorer view-source url"
In reply to: aultl: "RE: internet explorer view-source url"
Next in thread: Blue Boar: "Re: internet explorer view-source url"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

view-source:file://c:/winnt/driver cache/i386/driver.cab

or any other large file, kills the system for a while.

(Page File and Hibernation files are locked by the system)

while this this alone may not be such a big deal,.. 
you could use javascript to pop up n instances of that link, 
multiplying the effect n times

-Chris Carey



On Wed, 2002-06-12 at 09:34, aultl wrote:
> view-source:file://c:/winnt/notepad.exe
> 
> This will open notepad viewing notepad.exe on my system.
> 
> I am running Win2k Pro sp2 + SRP1 and IE Version 6.0.2600.0000 
> 
> Les
> 
> 
> -----Original Message-----
> From: Juan M. Courcoul [mailto:courcoulat_private] 
> Sent: Tuesday, June 11, 2002 6:44 PM
> To: vuln-devat_private
> Subject: Re: internet explorer view-source url
> 
> Juan M. Courcoul wrote:
> 
> > hellNbak wrote
> >> On Mon, 10 Jun 2002, John C. Hennessy wrote:
> >>
> >>> Perhaps its just me but I see this as a potential problem. From what
> 
> >>> I can
> >>> tell all versions of internet explorer 4 and above allow view-source
> 
> >>> urls.
> >>>
> >>> view-source:http://www.news.com
> >>
> >> I think it might be just you as doing a view-source:///boot.ini will 
> >> show you the LOCAL boot.ini.  So, if I was a malicous web master, 
> >> unless I can get some sort of code to execute this doesn't help me
> all 
> >> that much.
> > 
> > Tried both formats for the view-source URLs with the following
> results:
> > 
> > Windows 2000 Professional SP2+all current patches
> > Internet Explorer 5.50.4807.2300
> >    view-source:http:... works, sort of. Page gets fetched, and
> displayed
> >                         using Notepad, not the main browser window.
> > 
> >    view-source:///local file  does not work. Nothing is ever
> displayed.
> 
> Several co-subscribers have kindly pointed out that the proper format
> is:
> 
>     view-source:file://c:/temp/somefile.txt
> 
> This does work, sometimes. On my machine, this gets the file opened in 
> the preferred application for that suffix (Notepad in this case) iff the
> 
> file is visible and you have appropiate permissions. Now if we could get
> 
> COMMAND.COM (Win9x) or its Win2k kindred to open an executable, THEN we 
> could have some wicked fun, else like hellNback pointed out, it's just a
> 
> mildly interesting bit of IE trivia.
> 
> JMC
> 
>

Next message: Mark Rowe: "Re: wireless woes in the triangle and beyond!"
Previous message: John C. Hennessy: "Re: internet explorer view-source url"
In reply to: aultl: "RE: internet explorer view-source url"
Next in thread: Blue Boar: "Re: internet explorer view-source url"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 14:53:45 PDT