[clug] Browsers executing commands
gbj at theforce.com.au
gbj at theforce.com.au
Mon Apr 5 14:59:07 GMT 2004
You can could use a helper application in your browser (Mozilla in this case)
application/x-sh /bin/bash
Put test script on web server far away
http://www.faraway.com.au/test.sh
#!/bin/bash
cat /etc/hosts > /tmp/test.txt
When you browse you will be asked how to open it
enter /bin/bash
Click Always open with this application
Then in a shell on you local machine
cat /tmp/test.txt and you will find your own hosts file :)
You can look what you have done to your prefs.js after you close the browser
Kinda dangerous but you could do some interesting things.
Take care where you go.
GBJ
> Jepri wrote:
>
>> And before anyone mentions it, I do appreciate the problem with someone
>> tricking me into clicking on '<a href="shell://rm -rf ~/">'.
>
> Yeah, I remember that IE about four years ago had similar functionality,
> it was fixed as a bug. I suspect this means you'll have troubles finding
> a browser which supports what you want.
>
> Mikal
>
> --
>
> Michael Still (mikal at stillhq.com) | "All my life I've had one dream,
> http://www.stillhq.com | to achieve my many goals"
> UTC + 11 | -- Homer Simpson
>
More information about the linux
mailing list