[ More On Local Web Servers ]
Just thought I'd post a little discovery I made on the plane ride home from San Jose. I was looking around in the C:\WINDOWS\system32\drivers\etc directory where the "hosts" file resides and found a file called "networks".
In this file there's a line that looks like this:
Interesting. I fired up my little web server script that I wrote in Perl, entered "http://loopback" into the address bar of Internet Explorer and magically, I'm in the Local Intranet zone, our sweet spot from my previous post on this topic.
So this is yet another way we can perform Cross Zone Scripting if there's an XSS on a locally running web server.
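One server-side mitigation, as an added example (it is not the Perl script mentioned above): a local web server can refuse any request whose Host header is not the literal loopback IP, so a page requested as "http://loopback" is never served. The names `ALLOWED_HOSTS`, `host_allowed` and `make_server`, and port 8080, are assumptions made for this sketch.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the server should answer only to the literal loopback IP.
# Dotless aliases such as "loopback" (and "localhost") are refused.
ALLOWED_HOSTS = {"127.0.0.1"}


def host_allowed(host_header, port):
    """Return True only for an allowed literal host, with an optional matching port."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    name, sep, hdr_port = host.rpartition(":")
    if not sep:
        # No ":port" suffix in the header; the whole value is the host.
        return host in ALLOWED_HOSTS
    if not hdr_port.isdigit() or int(hdr_port) != port:
        return False
    return name in ALLOWED_HOSTS


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        port = self.server.server_address[1]
        if not host_allowed(self.headers.get("Host"), port):
            # Reject before any application content is produced.
            self.send_error(400, "Host header not allowed")
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_server(port=8080):
    # Bind to the loopback interface only, never to all interfaces.
    return HTTPServer(("127.0.0.1", port), Handler)


if __name__ == "__main__":
    make_server().serve_forever()
```

Fixing the XSS itself is still required; the Host check only removes the alias names as a way to reach the server's pages.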