[clug] Browsers executing commands

gbj at theforce.com.au gbj at theforce.com.au
Mon Apr 5 14:59:07 GMT 2004


You can could use a helper application in your browser (Mozilla in this case)
application/x-sh /bin/bash

Put test script on web server far away
http://www.faraway.com.au/test.sh

#!/bin/bash
cat /etc/hosts > /tmp/test.txt

When you browse you will be asked how to open it
enter /bin/bash
Click Always open with this application

Then in a shell on you local machine
cat /tmp/test.txt and you will find your own hosts file :)

You can look what you have done to your prefs.js after you close the browser

Kinda dangerous but you could do some interesting things.
Take care where you go.

GBJ

> Jepri wrote:
>
>> And before anyone mentions it, I do appreciate the problem with someone
>> tricking me into clicking on '<a href="shell://rm -rf ~/">'.
>
> Yeah, I remember that IE about four years ago had similar functionality,
> it was fixed as a bug. I suspect this means you'll have troubles finding
> a browser which supports what you want.
>
> Mikal
>
> --
>
> Michael Still (mikal at stillhq.com) | "All my life I've had one dream,
> http://www.stillhq.com            |  to achieve my many goals"
> UTC + 11                          |    -- Homer Simpson
>



More information about the linux mailing list