There is a security bug in Internet Explorer 5.0, which allows reading and sending local files to a remote server.

The problem is a bug in the DHTML edit control, which allows pasting a filename in a FILE object. When the form is submitted via JavaScript, the contents of the file are sent to a remote server.

Demonstration is available at: http://www.nat.bg/~joro/fr.html

Workaround: Disable JavaScript

I would like to thank Juan Cuartango (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE exploits, which helped me a lot in discovering this vulnerability!

Regards,
Georgi Guninski
http://www.nat.bg/~joro