68 Comments
- chosenone-, on 10/12/2007, -0/+4 A bug in Windows? No way!
- jmccorm, on 10/12/2007, -0/+3 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
THIS ENTIRE THREAD IS PRETTY MUCH DIGG, IN A NUTSHELL.
What happened to the cool Digg of months gone by, before the invasion of 13 year olds?
- isaacraja, on 10/12/2007, -0/+2 Also instead of creating a folder, put a file called notepad.exe, and IE will open the notepad.exe file for you
- piesforyou, on 10/12/2007, -0/+2 hehehe, again, just shows there's definitely some underlying problems with IE.
For those who can't be bothered to do it (or for linux/mac users), when you 'view source' in IE it opens up the notepad folder you created on the desktop.
- crunk, on 10/12/2007, -0/+1 Dupy and Snowthrower: If this is part of the design of windows xp it is wrong, either desktop should not be first in the path or internet explorer should point to the real notepad with the full path.
For this very reason in bash (unix/linux/osx etc) scripts binaries are always referenced with the full path to help stop trojans being injected into the path like this allows.
- Stopher, on 10/12/2007, -0/+1 Maybe it's something like a path system variable and windows just looks in the desktop directory first.
- crapiolio, on 10/12/2007, -0/+1 My question: Who spends their time figuring this out?
- xfirei, on 10/12/2007, -0/+1 that was cute
- skydivingdutch, on 10/12/2007, -0/+1 it just executes "notepad ", and since it sees the notepad folder before the actual notepad executable, bam.
This isn't really a security bug because if someone can put a .exe on your desktop, he she can also find a way to execute that without getting you to do view source.
- Matt2k, on 10/12/2007, -0/+1 This is an old "issue" and is well known. It has to do with the way that the Win32 API searches for a program/folder. It's even documented.
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=340
If you tell the system to run C:program filessomefolderapplication.exe the system will attempt to run
c:program.exe (With filessome folderapplication.exe) as a command line parameter
c:program filessome.exe folderapplication.exe
and finally
C:program filessomefolderapplication.exe
Applications should enclose their paths in quotation marks to help prevent this from happening.
If anything, this is probably a bug in IE.
- dupy, on 10/12/2007, -0/+1 This isn't a bug. If it was - you certainly wouldn't have been the first to find it. It's been found, dealt with, and explained long ago. Notepad is the default text editor in the Win-world. When you go to view-source, it throws "Notepad" as an argument at the shell. One of the first places Windows looks for Notepad is the desktop. Finding a "Notepad," it passes the full path of the argument back to the shell for loading. The shell figures out it's a folder and not an executable, and voila - you are viewing the contents of the folder as you would any other folder. This is more of a "parlor trick" than a bug.
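An added example, not part of any comment in this thread: a small audit of launch command lines for the two patterns discussed above, a bare program name left to the search order (the "notepad" case) and an unquoted path containing spaces (the case Matt2k describes). The function names, the extension list and the sample command lines are assumptions constructed for illustration; the paths are written with backslashes.

```python
import ntpath

# Extensions treated as runnable for this check (an assumption, not the full PATHEXT list).
EXEC_EXTS = (".exe", ".cmd", ".bat", ".com")

def candidate_images(cmdline):
    """Image paths an unquoted command line can resolve to, in the order tried:
    each space is treated as a possible end of the program name."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        # A quoted path is unambiguous: the image is whatever sits between the quotes.
        end = cmdline.find('"', 1)
        return [cmdline[1:end] if end != -1 else cmdline[1:]]
    tokens = cmdline.split(" ")
    out = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(EXEC_EXTS):
            out.append(prefix)          # intended image reached; the rest are arguments
            break
        out.append(prefix + ".exe")     # earlier prefix that would be tried first
    # If no prefix carried an extension, every prefix is kept: this over-reports
    # rather than misses.
    return out

def audit(cmdline):
    """Classify one command line and list the locations worth checking."""
    cands = candidate_images(cmdline)
    if not ntpath.dirname(cands[0]):
        # No directory given: the search order decides which file runs.
        return ("search-path", [ntpath.basename(cands[0])])
    if len(cands) > 1:
        # Any of the earlier candidates, if present on disk, runs instead.
        return ("unquoted-spaces", cands[:-1])
    return ("ok", [])

# Constructed sample command lines (not taken from a real system).
SAMPLES = [
    "notepad %1",
    r"%SystemRoot%\notepad.exe %1",
    r"C:\Program Files\Some Folder\application.exe /s",
    r'"C:\Program Files\Some Folder\application.exe" /s',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit(s))
```

A finding of `unquoted-spaces` is fixed by quoting the path in the stored command line; `search-path` is fixed by storing the full path to the intended binary.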
- sdwashu, on 10/12/2007, -0/+1 Old and documented.
http://www.mredkj.com/tutorials/notepad_desktop.html
- park7677, on 10/12/2007, -0/+1 Also happens if you have a folder with a FQDN (ex: www.google.com) it will open the folder instead of going to Google. It's because the desktop (for some reason) has precedence when it uses PATH (it checks Desktop before checking system32 or the internet).
- blaze890, on 10/12/2007, -0/+1 lol stupid windows
- crunk, on 10/12/2007, -0/+1 This *is* a possible security problem although unlikely as it seems it will run notepad.* to demonstrate create (harmless) notepad.cmd I list at the end of this post and view source.
REM Listing of notepad.cmd :
@echo off
echo This could execute some arbitrary commands or code
pause
- stutheidiot, on 10/12/2007, -1/+1 Neat trick, crappy link, no digg
- snowthrower, on 10/12/2007, -0/+0 Lame, reported, and it's by design in XP.
- crunk, on 10/12/2007, -0/+0 socket: An unintended result is a bug in the classic sense of the word.
- Jorg, on 10/12/2007, -0/+0 "So what this means is that if someone put a hidden file on your desktop named notepad.exe and you tried to view the source of a page I could very possibly install what I want. weird. "
That is not a security hole. If they can put a file on your desktop, they have already broken into your system.
Jorgie
- modpancake, on 10/12/2007, -0/+0 You had me at first. Undugg & lamed.
- bball2, on 10/12/2007, -0/+0 Nothing happened... I have xp pro sp2, maybe that's the reason?
- aepex, on 10/12/2007, -0/+0 Wow, that is the weirdest bug I've seen in a long time, but I have to say, I'm not really surprised...
- Jorg, on 10/12/2007, -0/+0 "What happened to the cool Digg of months gone by, before the invasion of 13 year olds?"
Thank you! I thought it was just me...
Slashdot is now old and busted.. (old news and comments are 90% trash..)
And now Digg is going downhill fast.
Jorgie
- matx, on 10/12/2007, -1/+1 Oh dear, I better start moving to Linux!!! don't want bugs!
- konrad, on 10/12/2007, -0/+0 Very cool :>
- RiddickRom, on 10/12/2007, -0/+0 Not really amazing but I raised an eyebrow :)
- aphextwin, on 10/12/2007, -0/+0 Don't know if anyone tried this..got tired of reading all the elitist ***** up there. But I took a random program named it notepad.exe and it ran the program. So what this means is that if someone put a hidden file on your desktop named notepad.exe and you tried to view the source of a page I could very possibly install what I want. weird.
- teh_toaster, on 10/12/2007, -0/+0 I haven't tried it but I'm sure you could fix this by editing the PATH statement and changing the order of the statements.
- AttroPheed, on 10/12/2007, -0/+0 The front page with this *****? really??
- 7of7, on 10/12/2007, -0/+0 noonebutme, you miss the point. It's that some IE browsers open the folder named notepad instead of the actual program when that folder is on the desktop. For me, however, IE7 opens Amaya for some reason.
- Magnum2066, on 10/12/2007, -1/+1 "Damn, it must be a bug...it won't work for me....WAIT....I'm using a Mac. Whew...no bugs here."
***** fanboys. -.-
Reported and lamed.
- covrigel, on 10/12/2007, -0/+0 that's not as fun as the con bug
- jhennig, on 10/12/2007, -0/+0 where's the beef? no digg.
- ra3ndy, on 10/12/2007, -0/+0 It's not a bug...it's a feature!
- tmanka, on 10/12/2007, -0/+0 Doesn't do anything strange for me....
- gwjc, on 10/12/2007, -0/+0 who needs teh link; read the comments or just try it.. anyway, dugg just because they sux
- inactive, on 10/12/2007, -0/+0 Since IE uses notepad to view source, it just executes notepad,,... and if there is a folder named notepad, it will execute that.
- Debajit, on 10/12/2007, -0/+0 The View Source Bug works even in Windows 2000.
I guess it's a problem with Windows in general
- babylonian, on 10/12/2007, -0/+0
- rzwitserloot, on 10/12/2007, -0/+0 Here's a much more fun IE bug:
when typing a shortcutted URL (no http:// in front of it, and let's be honest, Average Joe does not enter http://) into the address bar, IE *FIRST* checks if there is a file with that exact name on the desktop. If it is there, it'll try and open that instead. If that file happens to be a shortcut to a URL, it'll open that URL.
Mischief: Create a new shortcut named 'www.google.com' and point to any insane web site you like. Copy it to google.com and any other 'URLs' you think might be entered on this machine. Now, with some careful dragging or screen spanning antics, drag the slew of icons so far off the screen that you don't notice them.
Now anytime someone opens up IE and enters 'www.google.com' in the address bar, you go to this other site instead. Even many hackers get confused by it - they almost invariably think someone's been modifying their hosts file.
- ZeNiTRaM, on 10/12/2007, -0/+0 doesn't work, maybe because ultraedit32 is my default editor. uedit32 folder doesn't work tho.
no digg.
- inactive, on 10/12/2007, -0/+0 My pants are full of care about this.
- digitalsin, on 10/12/2007, -0/+0 "Amazing" is a little bit of an overstatement isn't it?
- eastcoastweb, on 10/12/2007, -0/+0 If you didn't realize it would do this, then we know why you're on Windows... frickin noobs!
- brehloi, on 10/12/2007, -0/+0 You know what is even more funnier? Create a shortcut to firefox.exe and name it notepad. It will start Firefox and go to the page opened in IE :)
- chickan, on 10/12/2007, -0/+0 Here is a real bug.. try making a folder on the desktop called "desktop". It causes problems with windows explorer when displaying folders in the tree view.
- nneonneo, on 10/12/2007, -0/+0 This is how it works: IE is set to start from your desktop, and internally uses "notepad %1" rather than "%systemroot%notepad.exe %1" leading to the obvious revealing of your notepad folder instead.
- foxhoundadmin, on 10/12/2007, -0/+0 Matt2k, because digg's comments don't allow slashes. maybe you should report this and make another sudo-intelligent front page story!?
- dknighton, on 10/12/2007, -0/+0 Holy Crap!!! A bug in XP? OMFG hax0rs are breaking into my l33t PC right now!
Next you're gonna tell me that Paris Hilton is a slut and the sky is blue!!! GET OUTTA MY FREAKIN' HEAD!!!!
That sound you just heard was my sarcasm detector exploding.
- chill392, on 10/12/2007, -0/+0 Doesn't work for me... Probably 'cause I'm running Vista...