> Date: Wed, 17 Feb 2010 11:18:03 -0800 > From: [email protected] > Subject: Re: Access from a local file > To: [email protected] > One of the reasons is to prevent malicious users from including file:// urls > in an external webpage. With file:// urls, a webpage could be designed to > test for the existence of local files on your computer.
How? Same origin policy prevents an external website from accessing any local files directly. And the 'onload' trick detailed at http://72.32.12.210/archives/vulnwatch/2002-q2/0032.html doesn't work (FF2 OSX anyway) because the images or Iframes never load from local resources at all. Do you have a Proof of Concept? GD _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/201469227/direct/01/
