view-source:file://c:/winnt/driver cache/i386/driver.cab

or any other large file, kills the system for a while. (Page File and Hibernation files are locked by the system.)

While this alone may not be such a big deal... you could use javascript to pop up n instances of that link, multiplying the effect n times.

-Chris Carey

On Wed, 2002-06-12 at 09:34, aultl wrote:
> view-source:file://c:/winnt/notepad.exe
>
> This will open notepad viewing notepad.exe on my system.
>
> I am running Win2k Pro sp2 + SRP1 and IE Version 6.0.2600.0000
>
> Les
>
> -----Original Message-----
> From: Juan M. Courcoul [mailto:courcoulat_private]
> Sent: Tuesday, June 11, 2002 6:44 PM
> To: vuln-devat_private
> Subject: Re: internet explorer view-source url
>
> Juan M. Courcoul wrote:
>
> > hellNbak wrote
> >> On Mon, 10 Jun 2002, John C. Hennessy wrote:
> >>
> >>> Perhaps it's just me but I see this as a potential problem. From what I can
> >>> tell all versions of internet explorer 4 and above allow view-source urls.
> >>>
> >>> view-source:http://www.news.com
> >>
> >> I think it might be just you as doing a view-source:///boot.ini will
> >> show you the LOCAL boot.ini. So, if I was a malicious web master,
> >> unless I can get some sort of code to execute this doesn't help me all
> >> that much.
> >
> > Tried both formats for the view-source URLs with the following results:
> >
> > Windows 2000 Professional SP2+all current patches
> > Internet Explorer 5.50.4807.2300
> > view-source:http:... works, sort of. Page gets fetched, and displayed
> > using Notepad, not the main browser window.
> >
> > view-source:///local file does not work. Nothing is ever displayed.
>
> Several co-subscribers have kindly pointed out that the proper format is:
>
> view-source:file://c:/temp/somefile.txt
>
> This does work, sometimes. On my machine, this gets the file opened in
> the preferred application for that suffix (Notepad in this case) iff the
> file is visible and you have appropriate permissions. Now if we could get
> COMMAND.COM (Win9x) or its Win2k kindred to open an executable, THEN we
> could have some wicked fun, else like hellNbak pointed out, it's just a
> mildly interesting bit of IE trivia.
>
> JMC
This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 14:53:45 PDT
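
A content filter that a web proxy or mail gateway could apply to the URL forms discussed in this thread, as an added example that is not part of the original posts. The function names, the blocking policy and the sample markup are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# The view-source: pseudo-scheme followed by the URL it wraps. The wrapped URL
# runs to the closing quote, bracket or parenthesis; spaces are allowed because
# local paths such as "driver cache" contain them.
VIEW_SOURCE = re.compile(r"view-source:([^\"'<>)]+)", re.IGNORECASE)

def classify(inner):
    """Return 'local-file', 'remote' or 'other' for a wrapped URL."""
    target = unquote(inner).strip().lower()
    # file:// and the bare /// form both address the viewer's own disk.
    if target.startswith(("file:", "///")):
        return "local-file"
    if target.startswith(("http://", "https://")):
        return "remote"
    return "other"

def scan(markup):
    """List (wrapped_url, kind) for each view-source: reference in markup."""
    decoded = html.unescape(markup)  # undo entity tricks such as &#58; for ':'
    return [(m.group(1).strip(), classify(m.group(1)))
            for m in VIEW_SOURCE.finditer(decoded)]

def should_block(markup):
    """Assumed policy: remote content must never reference local files."""
    return any(kind == "local-file" for _, kind in scan(markup))

# Constructed sample markup using the URL forms quoted in the thread.
SAMPLE = """
<a href="view-source:http://www.news.com">a</a>
<a href="VIEW-SOURCE:file://c:/winnt/driver cache/i386/driver.cab">b</a>
<script>window.open('view-source:file://c:/temp/somefile.txt');</script>
<a href="view-source&#58;///boot.ini">c</a>
"""

if __name__ == "__main__":
    for url, kind in scan(SAMPLE):
        print(f"{kind:10} {url}")
    print("block:", should_block(SAMPLE))
```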