The second vulnerability to use is to display a local directory in IE. Of course, the display is not to say that it is necessary to see, but to let the machine see. And when the Folder property of the A element is a directory or shell: Startup, the directory can be displayed in the IFRAM of the web page and the remote file can be written in this directory without any prompts. In order not to see his directory, we also put iframe in the DIV, set its properties to Hidden ----------------- -----------------------------------------------------
