Leto Atreides II
500+ Head-Fier
- Joined
- Feb 29, 2004
- Posts
- 707
- Likes
- 10
Just thought of something regarding the "view source" funciton.
view-source:file:///c:\windows\win.ini
is a perfectly legal string to put in, for instance,
<img src=view-source:file:///c:\windows\win.ini >
I can think of several evil uses for this.
EDIT
Just remembered where i read this, i didnt come up with it after all.
http://computerbytesman.com/security/notepadpopups.htm
view-source:file:///c:\windows\win.ini
is a perfectly legal string to put in, for instance,
<img src=view-source:file:///c:\windows\win.ini >
I can think of several evil uses for this.
EDIT
Just remembered where i read this, i didnt come up with it after all.
http://computerbytesman.com/security/notepadpopups.htm