What do you think of this!

Discussion in 'Computer Science & Culture' started by odin, Dec 18, 2001.

Thread Status:
Not open for further replies.
  1. odin Registered Senior Member

    Messages:
    1,098
  2. Google AdSense Guest Advertisement



    to hide all adverts.
  3. Avatar smoking revolver Valued Senior Member

    Messages:
    19,083
    I have seen this also in astalavista.com
    you can buy the full code there too
    twas 50or80$.
     
  4. Google AdSense Guest Advertisement



    to hide all adverts.
  5. daktaklakpak God is irrelevant! Registered Senior Member

    Messages:
    710
    I am using IE6, and I don't see any pop up or directory of my hard disk.
     
  6. Google AdSense Guest Advertisement



    to hide all adverts.
  7. odin Registered Senior Member

    Messages:
    1,098
    daktaklakpak

    You get the pop up window even if it can not see your C: drive.
    So you had better pop back there!

    Please Register or Log in to view the hidden image!

    Please Register or Log in to view the hidden image!

    Please Register or Log in to view the hidden image!

     
  8. wet1 Wanderer Registered Senior Member

    Messages:
    8,616
    I wonder just how much of an accident this was. It is an opening for MS to provide us with yet another oppurtunity for an upgrade? And with what else to go with the upgrade? Maybe yet another method to observe what it is that Joe Blow has on his computer? It seems to be of prime interest these days as to what, where, and how often you go places on the internet. Maybe this information is also up for sale.
     
  9. daktaklakpak God is irrelevant! Registered Senior Member

    Messages:
    710
    Re: daktaklakpak

    I don't think so. I have script, iframe and meta refresh turned off by default to all non-trusted sites.

    Please Register or Log in to view the hidden image!


    If the site needs script, all I need is look through the source code and load the web page the script eventually points to.

    Please Register or Log in to view the hidden image!

     
  10. Mr_Japio Registered Member

    Messages:
    15
    I think it is scary... just scary. How many users are out there without good security to block these kind of attempts to see (or maybe alter) this information about you?

    I get a creepy X-files kinda feeling thinking about extrapolated use for this kind of tools....

    Please Register or Log in to view the hidden image!

     
  11. dexter ROOT Registered Senior Member

    Messages:
    689
    Hmm... From what I think, that shouldnt be too hard to do. Just have another frame that is pointed to c:\

    try it! in your browser, type c:

    and you get your hardrive. It is easy, no security flaw or anything....
     
  12. [f] Registered Senior Member

    Messages:
    48
    thats nothing to be afraid of lol

    its all done client side...so nothing gets transmited to any server or MS or anything.

    that (and pages very similar) have been around for ages and ages.

    its accomplished as dexter has said....
     
  13. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Quite simply [f] and the others are right, it's not a major security flaw, it's perhaps a potential for the future but not one now.

    Quite simply nothing is shown to the server at the site other than the information it can retrieve... Your IP number, ISP remote address.

    As everyone has said, if you type File:///C|\ into your browser it will pull up your C drive, all the "hacker" has done is created an IFRAME which just pulls that up, infact I routed to the CODE after going through all the precautions the hacker placed down to stop people getting to it, and it's completely harmless.

    Infact I'm going to put the very same code on here just to prove that it isn't dangerous.

    <iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2></iframe>

    Or without the Arrow brackets (replaced with ~):
    ~iframe src="file:///C|/" height=130 width=580 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2~ ~/iframe~

    Simple really.
     
  14. Xelios We're setting you adrift idiot Registered Senior Member

    Messages:
    2,447
    OMG stryder! You hacked me!

    Please Register or Log in to view the hidden image!



    I've seen this before, it's a fun trick to pull on people that know next to nothing about computers. My friend got pretty pissed off at me when I did this to him, to the point where he pulled the phone line out of the wall and phoned me up

    Please Register or Log in to view the hidden image!

     
Thread Status:
Not open for further replies.

Share This Page