Re: Netscape Communicator 4.5 can read local files

From: Trev (trevat_private)
Date: Mon Nov 23 1998 - 14:05:16 PST

Next message: Ben Collins: "Re: Netscape Communicator 4.5 can read local files"

Previous message: Ryan Russell: "Re: Netscape Communicator 4.5 can read local files"
Maybe in reply to: Georgi Guninski: "Netscape Communicator 4.5 can read local files"
Next in thread: Ben Collins: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 10:36 AM 11/23/98 PST, Georgi Guninski wrote:
>There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for
>WinNT 4.0
>(probably others)

FYI: It also works on 4.04 for Win95 but the opening of the new navigator
window is a dead giveaway, though it would be less suspicious to load the
directory listing into a mini frame with some actual content in the other.
I would guess you could code up some javascript to url encode the contents
of the file and send it to a malicious cgi that could read it from the
query string.  There are no warnings given for information submitted via
the "get" method.

Trev

Next message: Ben Collins: "Re: Netscape Communicator 4.5 can read local files"
Previous message: Ryan Russell: "Re: Netscape Communicator 4.5 can read local files"
Maybe in reply to: Georgi Guninski: "Netscape Communicator 4.5 can read local files"
Next in thread: Ben Collins: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:11 PDT