TUCoPS :: Browsers :: hack3699.htm

TUCoPS :: Browsers :: hack3699.htm
Possible new cross zone scripting in IE

Possible new cross zone scripting in IE title:Possible new cross zone scripting in IE program:MS Internet Explorer test on:IE 6.0(sp1),winXP/ME Proof of Concept: From res://C:\WINDOWS\SYSTEM\BROWSELC.DLL/mbOffline.htm ,i found this links to a folder(c:\My document\My Music). I built a page(http://www.freewebs.com/applesoup/shell_my_music.htm) like following: this frame is in "My computer" zone. I think there is some way to make cross zone scripting to this frame. ------------- Cheng Peng Su </pre></tt></body></html>  <center> </center> <center><a href="/firefox.htm">TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).</a></center> <center>Site design & layout copyright © 1986-2025 AOH </center> <center><IMG SRC="http://artofhacking.com/cgi-bin/sc/sc.cgi?acct=tucops&font=payphone-med"></center> </body> </html>