Stop Microsoft
All Things Microsoft => Microsoft Software => Topic started by: Refalm on 22 April 2003, 23:35
-
Put this code in your website:
And a user using IE and MS Agent 5 (standard on in Windows XP) gets a free cupholder :D
-
WOW. Someone should set up a website offering free porno and put that script in the page.
-
That is brilliant! I think I'll put that on my 404 page...
"YOU typed in the wrong URL. So I'M going to open your CD-rom drives!"
[ April 22, 2003: Message edited by: The Muffin Man ]
-
WOW! Great script! :D Where did you get that from Refalm?
-
quote:
Panos: Where did you get that from Refalm?
A friend made it... I was stunned when I saw it work (http://smile.gif) this tells much about how "secure" Internet Explorer is (http://tongue.gif)
[EDIT]I tried it at home. It opens both my CD-ROM player and burner. Too bad it doesn't work in Mosaic, Mozilla or Opera :rolleyes: [/EDIT]
[ April 22, 2003: Message edited by: Refalm ]
-
WOW! I tried it in Win2k and it works! :D Man, this is a great script! I'll make a test page just to show people how insecure IE is. (http://tongue.gif)
-
i put that in my signature at numerous forums :D
-
quote:
Originally posted by ShawnD1:
i put that in my signature at numerous forums :D
I thought you could only use BB code in sigs.
-
Only w/ VBScript. JavaScript doesn't allow u to do that. Why? B/c client-side scripting languages are suppose to be secure and not allow remote access to the client's system. But VBScript is M$ technology so why am i not surprised.
-
so where's the code to get it to wipe your windows system files and shut down and so on? CDROM opening is for wusses! :D :D :D
but this does show a really serious vulnerable side of internet exploder. also, if enough people get on the campaign to include this code all over the place, we might induce a mass switch to linux purely from people fed up with closing their CD drawers!
-
actually there *was* code that you could embed in a web page to delete your choice of files or folders on xp. microsoft took two months to fix it. the reason was "well service pack one is coming out soon. we don't want to release a patch when we can just fix it with service pack one."
i think you can read about it at grc.com but yeah any windows comouter that hasnt got service pack one or any of the hotfixes after that is vulnerable to having bits deleted. nice script though (vb is *not* what i would call better than a scripting language... i mean perl kicks its arse.) I must add this to my debian servers index page 8-).
-
i wouldn't mind knowing that exploit for pre-service pack one, maybe i will have to google it...
-
Ok i tried running that script in IE 5.1 for os ten how come it didn't work ?
-
Feel free to send people here if you want to show it off: http://thequirk123.haxorz.org/. (http://thequirk123.haxorz.org/.)
I assume the URL will be perfect to lure script kiddies. :rolleyes: It also has the thingie that crashes win9x.
-
TheQuirk:
I tried your test on my fuckdows machine and it didn't work, unless you're setting up some sort of trap.
Doublecheck that link!
-
quote:
Originally posted by TheQuirk:
Feel free to send people here if you want to show it off: http://thequirk123.haxorz.org/. (http://thequirk123.haxorz.org/.)
I assume the URL will be perfect to lure script kiddies. :rolleyes: It also has the thingie that crashes win9x.
It feels really good when you open that in mozilla.
-
quote:
TheQuirk: I assume the URL will be perfect to lure script kiddies. :rolleyes: It also has the thingie that crashes win9x.
Look into the source code of thequirk123.haxorz.org. It says "file:///c|/con/con", but instead it should be "C:\CON\CON\" (without the quotes).
-
Actually, you can't reference things like that. You have to use file:// links.
And hell, you know that pre XPSP1 problem? Any illegal or slightly fuggered copies of XP will be vulnerable. Why? Because SP1 checks your CD Key before installing.
If it doesn't like it... no security fixes for you!!!
Oh, and you need Windows Media Player 7 to open the cdroms. That's why you can't do it on95 or XP, or OS X.
[ April 28, 2003: Message edited by: The Angel Of Death BETA 2.0 ]
-
quote:
The Angel Of Death: Actually, you can't reference things like that. You have to use file:// links.
Incorrect, you actually can!
[ April 29, 2003: Message edited by: Refalm ]
-
quote:
It feels really good when you open that in mozilla.
DAMN RIGHT IT DOES!!!!! :)