Using the method
code:
>>>
I just started very strange this sysimage: / / what protocol, so IE IE:
Sysimage: // c: /winnt/explorer.exe
The result is an icon for an Explorer. What did the 777 after using the program?
So I am very used to write sysimage: // c: /winnt/explorer.exe ,777
IE returns to this page Unable to display
It seems that there is this 777. Since it is the local file of IE, then this 777 is a constructed thing, then I changed 777 to 2. The result returned another icon. Very Obviously .... This 777 similar figure is something that calls the file inside the icon, similar to what we usually seektop.ini icon = Somefile.exe, 7 this, then this code is said, if a file There is defined icon existence, and this file is indeed, then IE returns the Nth icon of this file (n is the definition of itself, if not defined, the default is the first icon), if the file does not exist, then The system will return a folder icon, so this IE will have problems.
First. We can let IE return an icon. If it is correct, then the Nth icon of this program, if there is no this icon, then IE will have an error, then use OneRror to give an answer, and if the file If you don't exist, IE will return a folder icon, which means that OnError is not established, then execute the ONLOAD event. This is clear. Oh.
As for how to use, personal feelings is not worth using the value. Maybe there we can use some of the other vulnerabilities to return some things ...
such as
Sysimage: // c: / documents and settings/administrator/cookies/administrator@icehack.com [1] .txt
In this case, maybe add something to get the cookie cross-site acquisition. I didn't continue to think.
code:
>>>>>>>>>>>>>>
