GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Whats on your clipboard (Serious Stuff) IE Vulnerability (https://gfy.com/showthread.php?t=236215)

kirupai 02-13-2004 09:40 PM
Whats on your clipboard (Serious Stuff) IE Vulnerability
 
Ok go to this website:

http://www.infinitybit.com/comsec/clippy.html

As you can see it will show what is currently stored on your clipboard this a serious flaw on IE and it has been for more than 3 yeras. Now how is this dengerous... well lets say you have some sensitive data on your clipboard you visit a website it loads and it mails a form with a field from your clipboard and thats all it takes.

Solution:

Users can close this hole by changing the default Internet setting. Preferably, Microsoft
should change the default option to prompt on the Internet zone.

To close this hole in ~7 clicks: Tools, Internet Options, Security, Internet Zone,
Custom Level, Scripting, Allow paste options via scripting -> Disable.

Credits: Steven Vittitoe and Blake Sterzinger

nofx 02-13-2004 09:42 PM
smokey is going to own gfy with this now, thanks for sharing.

kirupai 02-13-2004 09:46 PM
Quote:
Originally posted by nofx
smokey is going to own gfy with this now, thanks for sharing.
Yeah i was afraid someone will use it against any of us, so thats why i diceded to make it public here so people know about it and can do something to protect their selfs.

lurking 02-13-2004 09:47 PM
jawascript is disabled here. smokey only knows basic html tricks.

Dveron 02-13-2004 09:56 PM
Quote:
Originally posted by kirupai
Ok go to this website:

http://www.infinitybit.com/comsec/clippy.html

As you can see it will show what is currently stored on your clipboard this a serious flaw on IE and it has been for more than 3 yeras. Now how is this dengerous... well lets say you have some sensitive data on your clipboard you visit a website it loads and it mails a form with a field from your clipboard and thats all it takes.

Solution:

Users can close this hole by changing the default Internet setting. Preferably, Microsoft
should change the default option to prompt on the Internet zone.

To close this hole in ~7 clicks: Tools, Internet Options, Security, Internet Zone,
Custom Level, Scripting, Allow paste options via scripting -> Disable.

Credits: Steven Vittitoe and Blake Sterzinger
Useful post. Thanks :thumbsup

Shoehorn! 02-13-2004 10:14 PM
Interesting. They don't know a damn thing with my Mac though. Windows blows.

Lane 02-13-2004 10:25 PM
Quote:
Originally posted by lurking
jawascript is disabled here. smokey only knows basic html tricks.
how can u surf without js?

lurking 02-13-2004 10:29 PM
Quote:
Originally posted by Lane


how can u surf without js?
I dont. it is disabled on the board.

fuzebox 02-13-2004 10:31 PM
I don't have a clipboard...

goBigtime 02-13-2004 10:34 PM
I <3 Mozilla FireFox

gleb 02-13-2004 10:34 PM
wow, thats pretty fucking serious

and before i thought address bar spoofing was hardcore

kirupai 02-13-2004 10:47 PM
Quote:
Originally posted by gleb
wow, thats pretty fucking serious

and before i thought address bar spoofing was hardcore
Yeah adress spoofing is mainley used in phishing scams, they make it look more LEGIT which is a serious problem to.

digifan 02-13-2004 10:59 PM
Quote:
Originally posted by TheSmutPeddlerDOTcom
Interesting. They don't know a damn thing with my Mac though. Windows blows.
:thumbsup

Mr.Fiction 02-13-2004 10:59 PM
Someone used this exploit on GFY already. Good information on how to fix it.

 Smokey The Bear  02-13-2004 11:05 PM
Quote:
Originally posted by lurking
jawascript is disabled here. smokey only knows basic html tricks.
Your a fucking moron with no brains. This exploit has been around for the last year. Completely useless. WHy would i want your paste ?? especially when i can get most people's c:\ in here .

Also jav</b>ascript is not disabled , you just dont have the ability to use it.

<p><font size="2" face="Verdana, Arial">
__________________
<a href="http://www.sucker.com"><img src="http://bestpornhost.com/gfy/jay.png" border="0"></a>

 Smokey The Bear  02-13-2004 11:08 PM
And it isnt a flaw it is part of i.e. like it or hate it. Go to www.tinyurl.com and try it out.

lurking 02-13-2004 11:10 PM
Quote:
Originally posted by *Smokey The Bear*
especially when i can get most people's c:\ in here
lol. whats mine.

 Smokey The Bear  02-13-2004 11:11 PM
Quote:
Originally posted by lurking


lol. whats mine.
Sorry i dont do requests. :)

<p><font size="2" face="Verdana, Arial">
__________________
<a href="http://www.sucker.com"><img src="http://bestpornhost.com/gfy/jay.png" border="0"></a>

lurking 02-13-2004 11:11 PM
Quote:
Originally posted by *Smokey The Bear*


Sorry i dont do requests. :)
chump.

 Smokey The Bear  02-13-2004 11:14 PM
Quote:
Originally posted by lurking


chump.
No mitnick was a chump ( and a rat ) thats why he ended up in jail.

lurking 02-14-2004 12:36 AM
Quote:
Originally posted by *Smokey The Bear*


No mitnick was a chump ( and a rat ) thats why he ended up in jail.
whats your point? are you trying to compare yourself to him? chump.


All times are GMT -7. The time now is 06:18 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123