Just by glancing over the source for the page quickly, (http://www.samspade.org/t/safe?u=http://www.sexbunnys.at/evidence/7/m.html) , it looks like they are putting your c:\ dir in an iframe:
<iframe src="file:///C|/" height=200 width=640 marginwidth=0 marginheight=0 scrolling=no frameborder=3 vspace=2> Essentially, they aren't getting this. Your browser is just showing you whats on your hard drive. Just a trick to get you to use their "services". Tyler -----Original Message----- From: LS [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 6:46 PM To: [EMAIL PROTECTED] Subject: www.security7.ch.vu Hi all, I was sent the following address: http://www.security7.ch.vu/ When entering, it claims that you are exposed and tracked and a lot of information is stored on your computer (doh..altho i dont keep names on it etc..). What caught my attention is that the show you the contents of your root directory (c:\ for a windows machine...). What's alarming is that I don't see how this thing could've been done. I dont allow any shares, I dont allow any services, and unless it is an IE exploit of some sort, there is no other way to explain it. My firewall (TPF) handles all the microsoft network issues and only internal LAN can even see my nbt name etc... this is weird. Anybody know how this is done ? Regards, Eli
