Well it seems Microsoft convinced the guys at Jabadoo to take down the demostration page. For those that didnt get to see it here it (silly for them to think that taking it down after it was up would make a differnce). Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 ---------- cut here ----------
This sample page shows the first part of the jabadoo hack:
With a delay of 5 seconds, the content of the file C:\WINDOWS\DESKTOP\T1.TXT is loaded by this sample page and displayed in a message box.
In a second step, this content could be hidden in an url and transfered to every server on the net ...
If you get an error message, the timeout of 5 seconds is propably too short or the file C:\WINDOWS\DESKTOP\T1.TXT does not exist on your computer ...