Browser Vulnerabilities

David Bandel david.bandel
Wed Feb 14 05:06:30 PST 2007


On 2/13/07, James McDonald <james at jamesmcdonald.id.au> wrote:
> http://www.theregister.co.uk/2007/02/13/browser_vulns/
>
> I wonder if this could ever be exploited in real life?

First, UNIX systems should be using shadow files which normal users
can't read.  The /etc/passwd file should never contain passwords.

Second, M$ says the user must enter the filename.  Why?  OK, the user
will have to click on a button (perhaps one that says OK vice Submit),
but the filename could already be hardcoded into the web page (and
depending on some code, could determine if it needed to ask for a
Windows or UNIX file).

Third, I always thought the "Submit" button was appropriately named.
I always like it when the ladies submit :-).

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto
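
An added example, not part of the original post: one way to check the first point above, that no account in a passwd(5)-format file carries a password outside the shadow file, and that the shadow file grants no access to other users. The sample entries, function names and finding strings are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$6$saltsalt$abcdefghijklmnopqrstuv:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
malformed-line
"""

def audit_passwd(text):
    """Return (subject, finding) pairs for entries that are not shadowed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw == "x" or pw.strip("*!") == "":
            continue  # shadowed, or locked with no hash present
        else:
            findings.append((user, "password hash in world-readable file"))
    return findings

def shadow_mode_ok(mode):
    """True if the permission bits give 'other' no access at all."""
    return (mode & stat.S_IRWXO) == 0

def audit_system(passwd="/etc/passwd", shadow="/etc/shadow"):
    """Run both checks against the live files (paths are the usual defaults)."""
    with open(passwd) as fh:
        findings = audit_passwd(fh.read())
    if not os.path.exists(shadow):
        findings.append((shadow, "shadow file missing"))
    elif not shadow_mode_ok(os.stat(shadow).st_mode):
        findings.append((shadow, "accessible to other users"))
    return findings

if __name__ == "__main__":
    for who, what in audit_passwd(SAMPLE_PASSWD):
        print(f"{who}: {what}")
```
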


