Ph3ar my 3117 haxoring sk1llz

[jaguar]

<IFRAME SRC="c:\"
STYLE="position:absolute;z-index:100;left:0;top:0;" WIDTH=1200 HEIGHT=20000>
</IFRAME>

Muhahahhahaha!

Sorry, coulnd't help exploiting the whole html thing once, its a one off UT.

[MaggieL]

Um....what was that supposed to be? Did you think the Cellar was running Windows?

<xmp> <iframe SRC="c:\"></xmp>

Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1

[hertz]

Quote:

Originally posted by MaggieL
Um....what was that supposed to be? Did you think the Cellar was running Windows?

<xmp> <iframe SRC="c:\"></xmp>

Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1

It's definately a client side "attack"

Yep, that's my c drive alright. Even the context menu pops up with a right click of the mouse.

[jaguar]

No maggie, contrary to popular opinion i'm not as stupid as you think. Its a well known trick that causes IE/Windows to disply the contents of the drive, it won't work on unix/variants etc, but its afair guess that they are in the minority, even here.

hax0red by jag.

[jaguar]

As i said, windows only.
=p
Mac is now a unix variant anyway.

hey i was bored and felt like playing with some html.

I know turd. I'm just fucking with you.

But that's how I first browsed it - on my laptop. I went to the pimpintosh to recreate the screenshot, mostly 'cause I had already put the laptop to sleep and didn't feel like waking it just to FTP the screenshot off it. Oh well.

Ph34r my iPod - the iPimp. :P

[jaguar]

wtf is it iwth you and naming you hardware pimps? lol...
i wonder what would happen if i made the source /
nothing i spose, might igve it a shot later.

Just goes back to a long tradition of using the word "pimp". I'm frequently called "pimp" by my friends and whatnot. So when I get something really slick, it's "pimp". Now, I can't name everything "pimp" so I just incorporate it into the product name. Macintosh becomes Pimpintosh, iPod becomes iPimp. Simple.

[MaggieL]

Quote:

Originally posted by jaguar
No maggie, contrary to popular opinion i'm not as stupid as you think

Oh.. is that a popular opinion? :-)

Quote:

Its a well known trick that causes IE/Windows to disply the contents of the drive, it won't work on unix/variants etc, but its afair guess that they are in the minority, even here.

Ah...yes...client-side silliness. Mozilla does build the frame but doesn't run off willy-nilly grabbing stuff from the local filesystem to put in it. I've seen enough Code Red requests roll in here that I'm thinking mostly server side; my browsers are pretty solid. But then I'm not running IE.. Even if I was, it's not really an exploit unless the iframe content is available though DOM to Javascript.

Speaking of which, Windows peeps... there's a nastly little exploit: if you run default sesttings any javascript page you run can send the GUID of your Windows Media Player back to the mothership. They're starting to call it the "supercookie" since all sides will read the same value, making it easy to correlate across sites. Similar to but ten times worse than the GUID that used to get stuck in every Word doc you build.

BTW...anybody with a pimp fetish who isn't reading http://www.sinfest.net should be.

Heh. I wish I could say that Mozilla was "solid". It's the best we have available for Linux, but I wouldn't call it "solid". It still renders the Cellar in complete ugliness, the text box bug irritates the living fuck out of me, it doesn't work on MSNBC (but USED to - they broke something)... Mozilla will be great one day. It will be "solid". But I don't think we should be calling it that quite yet.

[jaguar]

i don't use moz on cellar purely coz of that frigging text box annoys the living hell outof me.
I've got 3 OS's, 2 browsers, moz, for all it flaws, still rocks.

Yep. Which is why I use it at home. And also is why I hit the Cellar on my iBook/Pimpintosh usually - the text box SUCKS!

[MaggieL]

Quote:

Originally posted by dhamsaic
[B. Mozilla will be great one day. It will be "solid". But I don't think we should be calling it that quite yet. [/b]

Well, I was speaking from a security POV. It's hardly bug-free. The bookmark editing stuff is still somewhat broken in 0.9.2 also.

Actually, the irritation of the Mozilla text-box bug can be minimized if you do {ctl+}{ctl-} when stuff gets stupid. This forces the widget to redraw and somewhat reinitialize. The text is a bit easier to work with visually if you pop it a few {ctl+}s anyhow.

Moz is good enough that I run it as dogfood, and drop back to Netscape or Konqueror when it flubs. And I'm disappointed when I have to. Come to think of it, I have *four* X-based web browsers, counting StarOffice. Competition Is Good.

[Undertoad]

If you folks would just log into bugzilla.mozilla.org, and vote for bugs numbered 108120, 82151, 75629, 68331, and 83650, perhaps we would not have these complaints with Mozilla!