PDA

View Full Version : How Do I Fix This? IE leak?

Ice_Czar
May 26th, 2002, 12:50 PM
http://www.xxx.de/
>go to Sicherheits-Check (Blue Menu to the left under Security)

URL deleted by Forum Admin because of various warez links

C:\ - Test

The contents of my C: directory are visable *:o

The Babelfish Translation:
Please, look just(exactly)! It is the content of THEIR(HER) non removable disk C:!
Herewith dubious web contents advertise at the moment around your favour / purse and throw many surfers. (Nevertheless, you Use the picture run borders, and open someone (e.g., *.txt) to file or file) counter measure: Not inevitably! It is, in this connection, only about a small trick, a so-called Framelink (here " file: \\\ C | \ ") on own non removable disk C: places. I.e. only you yourselves see your non removable disk and, otherwise, nobody


So this is just a trick? Can you block this Framelink? (without installing everything to D:\)?
Checkout
May 27th, 2002, 07:56 AM
It's just a cheap trick. *You have nothing to worry about.
zappa
May 27th, 2002, 08:14 AM
That link won't last half the day. *I give it an hour, max.
Jooske
May 27th, 2002, 08:37 AM
Paste this code in an email source or notepad, and save as html file.
this example shows your d:\ in the line with "location"
so you can change that for c:\

It was made with all good intensions by a webmaster who wanted his visitors to be able to see or grab files for download from his CD-ROM drive, to spare all the uploading, but something makes the visitors see their own d:\ , hence the unintended panic.
We can use this trick in an emulator to show the intruder his drive content is visible.
There is nothing wrong with this example, nothing illegal or whatever, just a little scipt as it is now to show your OWN drive content.
Mind the wrapped lines, stretch them back or you get error messages.



*<CENTER>
*<SCRIPT language=JavaScript><!--
if (navigator.appName == 'Microsoft Internet Explorer'){
* * *
* * *document.write('<left>')
* * *document.write('<object id="browserIcons" classid="clsid:8856F961-340A-11D0-A96B-00C04FD705A2" align="baseline" border="0" width="100%" height="100%">')
* * *document.write('<param name="Location" value="d:/">')
* * *document.write('<param name="AlignLeft" value="1">')
* * *document.write('<param name="AutoSize" value="1">')
* * *document.write('<param name="AutoSizePercentage" value="100%">')
* * *document.write('<param name="AutoArrange" value="1">')
* * *document.write('<param name="NoClientEdge" value="false">')
* * *document.write('<param name="ViewMode" value="3">')
* * *document.write('</object>')
* * *document.write('</left>')
}
// --></SCRIPT>
*</CENTER>
Ice_Czar
May 30th, 2002, 01:44 AM
Thanx for the code Jooske *;D
You make it look so simple (but Im sure its not), Im goin to have to learn to script. Copied it to Notepad and saved as an HTML. *:o

To our Moderator

My profound apologies about the link, *(I assume in this case its the crack program and password viewer?) The "softwarez" links all lead to legitimate vendors.
Though the "hardwarez" links are semi legal tutorials?

Followed a link there initially to get a program to create custom BIOS logos. Found the program to crypt html pages so you cant save pictures, and tumbled to the above "trick"

Thought I had a leak, till I translated it twice and then posted here to make sure. And I was using the other security tests.

By that time Id completely forgotten about that crack program. (about a week had gone by)

Sorry
Paul Wilders
May 30th, 2002, 05:52 AM
Hi Ice_Czar,

Forget about it; things like these happen unintentionally. No big deal *;)

regards.

paul
Checkout
May 30th, 2002, 08:10 AM
I'd like to know what the term "Warez" actually means and where it originated.

MTIA
Ice_Czar
May 30th, 2002, 11:02 AM
warez

"Warez (pronounced as though spelled "wares" or possibly by some pronounced like the city of "Juarez") is a term used by software "pirates" to describe software that has been stripped of its copy-protection and made available on the Internet for downloading. People who create warez sites sometimes call them "warez sitez" and use "z" in other pluralizations.
According to the International Planning & Research Corporation, warez Web sites cost software vendors $11.8 billion in 2001. The most popular downloads at warez sites include applications from major vendors such as Microsoft, Symantec, Macromedia, and Adobe Systems. The vendors have joined forces with the Business Software Alliance (BSA) to successfully close a loophole in Internet law that allowed warez distributors to avoid legal prosecution as long as they didn't profit monetarily from their distributions. (Use of warez software is also illegal and may result in a jail sentence.)

Warez should not be confused with shareware or freeware software applications, which are legal and may be freely copied and distributed. "

From: http://whatis.techtarget.com/definition/0,,sid9_gci213338,00.html