> > Not Exactly !! I wud rather suggest you to do a little more research and > draw any conclusion. Keep those _Security Zones_ in mind before you post > anything... > > I did the research on Windows XP SP2
The script with ActiceX and XML was uploaded to http://www.geocities.com/gaurav_e2/exp.html The screenshot at the following URL shows the note.xml placed at C:\ while the ethereal is showing POSTing the data to attacker's site. http://rapidshare.de/files/9619254/gaurav_kumar.JPG.html Clearly geocities.com is in Internet zone. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
