IE 5.0 allows reading and sending local files to a remote server

From: Georgi Guninski (joroat_private)
Date: Tue Mar 30 1999 - 08:35:16 PST


    There is a security bug in Internet Explorer 5.0, which allows reading and
    sending local files to a remote server.
    The problem is a bug in the DHTML edit control, which allows pasting a
    filename in a FILE object. When the form is submitted via JavaScript, the
    contents of the file are sent to a remote server.
    
    Demonstration is available at: http://www.nat.bg/~joro/fr.html
    
    Workaround: Disable JavaScript
    
    I would like to thank Juan Cuartango
    (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE
    exploits, which helped me a lot in discovering this vulnerability!
    
    Regards,
    Georgi Guninski
    http://www.nat.bg/~joro
    


