> http://www.security7.ch.vu/ > > When entering, it claims that you are exposed and tracked and a lot of information > is stored on your computer (doh..altho i dont keep names on it etc..). > What caught my attention is that the show you the contents of your root directory > (c:\ for a windows machine...). > What's alarming is that I don't see how this thing could've been done. I dont allow > any shares, I dont allow any services, and unless it is an IE exploit of some sort, > there is no other way to explain it. My firewall (TPF) handles all the microsoft > network issues and only internal LAN can even see my nbt name etc... > this is weird. > Anybody know how this is done ?
http://www.sexbunnys.at/evidence/7/m.html (one of the frames) contains the following tag. <iframe src="file:///C|/" height=200 width=640 marginwidth=0 marginheight=0 scrolling=no frameborder=3 vspace=2> It's showing you a directory of your local C: drive, which is valid on the client side. As far as I can tell, it doesn't actually expose any local files to anyone remotely. It just looks like a trick to get you to sign up for a service.
