[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Viewing hard drive
On Thu, 9 May 2002, Chris J wrote:
> And Lo! The Great Prophet "Ian W. Wright" uttered these words of wisdom...
> >
> > A few days ago I mentioned that I had been surprised by an advert that
> > appeared to be seeing through my firewall - well, someone suggested that
> > it might have been done by a javascript and I have now located just such
> > a script. So, if anyone is interested in playing with it, it is at
> > http://webdeveloper.earthweb.com/webjs/item/0,3602,12760_52951,00.html
>
> You don't even need Javascript, at least on Windows boxes, as this would do
> the job:
> <iframe src="file://c:\"></iframe>
>
> Completely safe as it doesn't send owt back to server, but for the
> uninitiated who don't know what a URL means, or how to read HTML its a
> rather nasty trick to play and one which I have seen used.
> Trying "file:///" (to try and get root directory) doesn't work though...what
> it does on a Linux box I can't say 'til I get home to play. Anyone want to
> experiment ?
You can put a host part in the file URL - try this:
file://localhost/etc/passwd
If it's blank, it's supposed to be taken as localhost. Ref: RFC1738,
section 3.10.
Cheers :)
R
--
Richard Stevenson, Systems Specialist, Xtra Limited
Phone: +64 9 355 5231 Mobile: +64 25 290 3101 Pager: +64 26 100 155
Speaking of which, my theory is that if you have an infinite number of
pompous twats in an infinite number of cocktail parties they will
eventually quote all of Shakespeare's literary works.
-- Toni Lassila
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.