[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Viewing hard drive



On Thu, 9 May 2002, Chris J wrote:

> And Lo! The Great Prophet "Ian W. Wright" uttered these words of wisdom...
> >
> > A few days ago I mentioned that I had been surprised by an advert that
> > appeared to be seeing through my firewall - well, someone suggested that
> > it might have been done by a javascript and I have now located just such
> > a script. So, if anyone is interested in playing with it, it is at
> > http://webdeveloper.earthweb.com/webjs/item/0,3602,12760_52951,00.html
>
> You don't even need Javascript, at least on Windows boxes, as this would do
> the job:
> <iframe src="file://c:\"></iframe>
>
> Completely safe as it doesn't send owt back to server, but for the
> uninitiated who don't know what a URL means, or how to read HTML its a
> rather nasty trick to play and one which I have seen used.
> Trying "file:///" (to try and get root directory) doesn't work though...what
> it does on a Linux box I can't say 'til I get home to play. Anyone want to
> experiment ?

You can put a host part in the file URL - try this:

file://localhost/etc/passwd

If it's blank, it's supposed to be taken as localhost.  Ref: RFC1738,
section 3.10.

Cheers :)

R

-- 
Richard Stevenson, Systems Specialist, Xtra Limited
Phone: +64 9 355 5231   Mobile: +64 25 290 3101   Pager: +64 26 100 155

  Speaking of which, my theory is that if you have an infinite number of
  pompous twats in an infinite number of cocktail parties they will
  eventually quote all of Shakespeare's literary works.
    -- Toni Lassila

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.