URI Use and Abuse

Today I was surfing the Net and found something really interesting that I never had the time to look at more closely, but where I think there are many ways of exploiting such stuff: registered URIs in web browsers. We all know about http://, ftp://, file:// and a few more, but there are many more of these, and under some circumstances you can exploit this so that the browser accesses these resources in a malicious way and, for example, exploits a vulnerability in another piece of software. I don’t want to go deeper into this topic now because Nathan McFeters and Billy Kim Rios wrote a very cool paper on it called “URI Use and Abuse – Accessing System Resources thru Developer Created URIs and XSS Exposures, aka Coming In Thru the Developer’s Back Door”, which you can find here, and there’s also a “Cross Application Scripting Demo / URI Vulnerabilities Demo”, as they call it, which you can find here. Good work guys, and as soon as I’ve got the time I’ll also have a look at that kind of stuff.


2 Comments to “URI Use and Abuse”  

  1. Nathan McFeters

    Thanks for the interest in the paper. We’ve got more coming, and anyone who’s at DEFCON for our talk should see a few high-impact ones released at that time.

  2. Disenchant

    Unfortunately I can’t attend DEFCON, but I’m really looking forward to the things you’ll present there :)
