cyese.info— I found this bug in a forum,plz check it out.1) Create a folder on the desktop and name it as "Notepad"2) Open a webpage (any) in IE and see its view source.Its Just AMAZING !!!
Jan 8, 2006View in Crawl 4
it just executes "notepad ", and since it sees the notepad folder before the actual notepad executable, bam.This isnt really a security bug because if someone can put a .exe on your desktop, he she can also find a way to execute that without getting you to do view source.
DOn't know if anyone tried this..got tired of reading all the elitist s**t up there. But I took a random program named it notepad.exe and it ran the program. So what this means is that if someone put a hidden file on your desktop named notepad.exe and you tried to view the source of a page I could very possibly install what I want. weird.
Here's a much more fun IE bug:when typing a shortcutted URL (no <a class="user" href="http://">http://</a> in front of it, and lets be honest, Average Joe does not enter <a class="user" href="http://)">http://)</a> into the address bar, IE *FIRST* checks if there is a file with that exact name on the desktop. If it is there, it'll try and open that instead. If that file happends to be a shortcut to a URL, it'll open that URL.Mischief: Create a new shortcut named 'www.google.com' and point to any insane web site you like. Copy it to google.com and any other 'URLs' you think might be entered on this machine. Now, with some careful dragging or screen spanning antics, drag the slew of icons so far off the screen that you don't notice them.Now anytime someone opens up IE and enters 'www.google.com' in the address bar, you go to this other site instead. Even many hackers get confused by it - they almost invariably think someone's been modifying their hosts file.
skydivingdutchJan 8, 2006
it just executes "notepad ", and since it sees the notepad folder before the actual notepad executable, bam.This isnt really a security bug because if someone can put a .exe on your desktop, he she can also find a way to execute that without getting you to do view source.
Closed AccountJan 8, 2006
My question: Who spend their time figuring this out?
bball2Jan 8, 2006
Nothing happened... I have xp pro sp2, maybe that's the reason?
aphextwinJan 8, 2006
DOn't know if anyone tried this..got tired of reading all the elitist s**t up there. But I took a random program named it notepad.exe and it ran the program. So what this means is that if someone put a hidden file on your desktop named notepad.exe and you tried to view the source of a page I could very possibly install what I want. weird.
rzwitserlootJan 9, 2006
Here's a much more fun IE bug:when typing a shortcutted URL (no <a class="user" href="http://">http://</a> in front of it, and lets be honest, Average Joe does not enter <a class="user" href="http://)">http://)</a> into the address bar, IE *FIRST* checks if there is a file with that exact name on the desktop. If it is there, it'll try and open that instead. If that file happends to be a shortcut to a URL, it'll open that URL.Mischief: Create a new shortcut named 'www.google.com' and point to any insane web site you like. Copy it to google.com and any other 'URLs' you think might be entered on this machine. Now, with some careful dragging or screen spanning antics, drag the slew of icons so far off the screen that you don't notice them.Now anytime someone opens up IE and enters 'www.google.com' in the address bar, you go to this other site instead. Even many hackers get confused by it - they almost invariably think someone's been modifying their hosts file.
debajitJan 13, 2006
The View Source Bug works even in Windows 2000.I guess it's a problem with Windows in general