Jabadoo Security Hack

Aleph One (aleph1@DFW.NET)
Fri, 17 Oct 1997 18:05:56 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Fix Now Available for "Freiburg" Text-Viewing Issue"
Previous message: VaX#n8: "computer immunology"

Well it seems Microsoft convinced the guys at Jabadoo to take down the
demostration page. For those that didnt get to see it here it (silly for
them to think that taking it down after it was up would make a differnce).

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

---------- cut here ----------
IE4 Jabadoo Hack

This sample page shows the first part of the jabadoo hack:

With a delay of 5 seconds, the content of the file C:\WINDOWS\DESKTOP\T1.TXT is loaded by this sample page and displayed in a message box.

In a second step, this content could be hidden in an url and transfered to every server on the net ...

If you get an error message, the timeout of 5 seconds is propably too short or the file C:\WINDOWS\DESKTOP\T1.TXT does not exist on your computer ...

English Press Release

German Press Release