IE allows running Malicious Scripts due to a bug in 'folder View for FTP sites'.
If you enable both an 'Enable folder view for FTP sites' IE Advanced Setting
and an 'Enable Web content in folders' Explorer Folder Option,
the script embedded in FTP Server Address will run.
(Both options are set to 'Enable' by default.)
* It's important that the script runs in the My Computer Zone!
This is a static link that will execute C:/Winnt/notepad.exe if you click it (Windows NT/2000/XP)
.
This one will execute C:/Windows/notepad.exe (Windows 9x)
.
If you want to run another file, please use the dynamic textarea below to generate a new exploit link.
Input arbitrary script:
Raw FTP link
This will become your FTP link, ready to click