Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 9 of 9
  1. #1
    WDF Staff smoseley's Avatar
    Join Date
    Mar 2003
    Location
    Boston, MA
    Posts
    9,729
    Member #
    819
    Liked
    205 times
    Ok, I was playing around with IFRAMEs, and I came up with an idea. Open the attachment to see an example.

    You load the contents of a local system file into an IFRAME (<iframe src="file://C:\whatever">).

    Then you can use JavaScript/DOM to grab the contents of that file (contents = iframe.innerText).

    Then, you can post the information to another page (iframe.src = 'newPage.php?contents=' + contents).

    Finally, you can parse the contents and save the information to a database using PHP.'

    Using this, hackers can steal any information in any system file on your computer.

    Here's the example. Don't worry, it doesn't post any data to the Internet, it only displays it locally in the HTML file.

  2.  

  3. #2
    WDF Staff smoseley's Avatar
    Join Date
    Mar 2003
    Location
    Boston, MA
    Posts
    9,729
    Member #
    819
    Liked
    205 times
    Actually, after testing it out, I found that it doesn't work at all !!!

    LOL

    It seems that Microsoft already found the problem and fixed it. It won't allow you to access the contents of the file from the Internet or from Temporary Internet Files. You have to SAVE the file to your local machine and open it there for it to work!

  4. #3
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    still, you deserve a star or something.

  5. #4
    Member
    Join Date
    May 2003
    Posts
    92
    Member #
    1526
    What does the hosts file actually include?
    If there is no god, then who pops up the next Kleenex?

  6. #5
    WDF Staff smoseley's Avatar
    Join Date
    Mar 2003
    Location
    Boston, MA
    Posts
    9,729
    Member #
    819
    Liked
    205 times
    By default, it includes only your localhost loopback address. You can manually enter dns host entries into it, though, to hardcode any addresses that your DNS might not be able to see. For most people it's not necessary. I was just using it as an example file.

  7. #6
    Senior Member skrlin's Avatar
    Join Date
    Apr 2003
    Location
    Illinois
    Posts
    562
    Member #
    1063
    I found one flaw in this.... I don't have a C:\WINDOWS\ directory, I have C:\WINNT\ directory.
    - Brian

  8. #7
    Senior Member skrlin's Avatar
    Join Date
    Apr 2003
    Location
    Illinois
    Posts
    562
    Member #
    1063
    Doesn't matter, it doesn't work anyway.
    - Brian

  9. #8
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    I have a D:\winnt\ thanks to some interesting partitioning issues
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  10. #9
    Member
    Join Date
    May 2003
    Posts
    92
    Member #
    1526
    you installed windows on your second drive? I just use mine for data storage.
    If there is no god, then who pops up the next Kleenex?


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 07:29 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com