Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jul 2002
    Posts
    73
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Registry and Web(Any of the Above)

    PI:
    Not so recently, I went to a Web site which, without my knowledge (which couldn't of been too hard,
    seeing as IE's security was set to an all time low, just covering ActiveX and FileDownloads), and inserted a
    value/data pair into my registry, forcing two instances of IE (or the default browser, I'm not sure, because
    the former and the latter were the same at the time) to open going to the home page, which it required
    to default back to itself (how convenient).

    Needless to say, this was annoying.

    PII:
    But back to the future, or present, more recently another site arranged(How I don't know) to change my
    registry in a more intriguing area(*hits F7*), namely:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt,
    enabling a new option on the right click menu of IE.

    PIII:
    In another encounter with the third kind, I noticed that once when viewing a certain page, on right click
    under "encoding", appeared an option for "LTR" or "RTL", which has the same effect as the "dir=" in the
    <body>(?) tag.

    PIV:
    Under:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components
    Are the list of Active Desktop Components, now when merging an exported Registry file with fewer Entries
    than that of the current Key, It merely overlaps.

    So my questions are:

    (1)P#I:
    Was PI a security issue? Or can a page actually edit your
    registry?
    (2)P#II:
    To implement a similar effect (Menu Selection) in the registry,
    what value/data pairs would I have to insert\would be valid?
    (3)P#III:
    Was this an IE default implemented within the document, or
    a registry screw-up? If the latter(either actually), how was it
    implemented?
    (4)PIV:
    So, is there a way to force a complete overwrite of the specified
    Key (To prevent cave-men from infiltrating and 'accidently' deleting
    the contents of a purposely hidden file/folder)

    Thanks,
    Guardian

    PS. As the header implies: Any of the Above
    Last edited by Guardian23; 08-07-2002 at 08:10 AM.

  • #2
    New Coder
    Join Date
    Jul 2002
    Posts
    73
    Thanks
    0
    Thanked 0 Times in 0 Posts
    &nbsp;&nbsp;PSS. In case of misunderstanding:
    &nbsp;&nbsp;Q(1) Was to fix the security issue
    &nbsp;&nbsp;Q(2) Was to implement a similar effect
    &nbsp;&nbsp;Q(3) Was to activate the Menu selection &nbsp;&nbsp;indiscriminately
    &nbsp;&nbsp;Q(4) Was to do exactly what it sounds like.

    Main Body:
    &nbsp;If I'm violating any ethical codes here, please let me know, I'm
    not actually trying to reverse engineer stuff or anything like
    that. If there's a problem, please let me know... I'll understand,
    it's not everyday (well maybe it is) that someone tries to fool
    around in the registry. It all started when Q(1) came knocking.

    Thanks,
    &nbsp;Guardian

  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Under your security settings in IE, what level is the 'Internet Zone' set to? It should be medium. If it is lower, thats what allowed malicious code to be ran on your computer.
    OracleGuy

  • #4
    New Coder
    Join Date
    Jul 2002
    Posts
    73
    Thanks
    0
    Thanked 0 Times in 0 Posts
    &nbsp;Well, at the time I think it was configured to allow cookies from all sites, and to allow scripts to run
    at will, but not to allow ActiveX or "Unsigned Java Applets" I think it was. So I can't of what the
    "malicious"(although it didn't do much) code could have been in.

    &nbsp;I don't think that JavaScript or VBScript could have done it, where as something written in the
    C(++) family definitely could have, I'm at a loss for words here.

    &nbsp;But perhaps... could VBScript have done something indirect to the registry if IE's hole in
    the security allowed it to run?

    Thanks,
    &nbsp;Guardian

    PS. Just for the record, PII feels like deja vu, it happened again, but the security is on Med.

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If your security settings are suitably low, VBScript could format your c: drive

  • #6
    New to the CF scene
    Join Date
    Jan 2003
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    activex

    hi
    i don't know if i should post this here but i am trying to build an a javascript page that would control an activex menu. This menu will dynamically change everytime a user enters in their favourite website and name of web site. I think i will need to use an array but i cannot seem to find out how to chnage a activex menu to whatever is entered into a text box
    Can anyone help!!!

  • #7
    Regular Coder
    Join Date
    Aug 2002
    Location
    Spain
    Posts
    420
    Thanks
    0
    Thanked 0 Times in 0 Posts
    P2:
    That involves working with regedit, so be careful. That's a very simple example:

    Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

    Edit>New Key

    name it "Change title" (without the quotes)

    Default value to "C:\WINDOWS\WEB\ChTitle.htm"


    Chtitle.htm (save it to C:\WINDOWS\WEB)

    Code:
    <HTML>
    <SCRIPT LANGUAGE="JavaScript" defer> 
    var parentwin = external.menuArguments;
    
    var noutitol = parentwin.prompt(" New title? ",parentwin.top.document.title);
    
    if (noutitol != null)
    {
    parentwin.top.document.title =noutitol;
    }
    
    </SCRIPT>
    </HTML>
    Restart ie and now you can change the title of the current page from the context menu
    Don't resist to assimilation. Billions of Borgs can't be wrong!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •