Exploit: TL003/Dot Bug = Reading Non-Parsable Files

From: Matthew Murphy (mattmurphyat_private)
Date: Wed Jul 10 2002 - 15:17:11 PDT

Next message: David Jacoby: "Re: Can anyone identify this backdoor?"

Previous message: Jordan K Wiens: "Re: Multiple Security Vulnerabilities in Sharp Zaurus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have produced an exploit, based on Thor's advisory about
the OBJECT Cross-Domain scripting attack, that allows users
to read some types of files (e.g, INI, BAT, ...) that aren't
normally readable through most vulnerabilities.

The exploit is available at:
http://www.murphy.101main.net/localread.htm

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Next message: David Jacoby: "Re: Can anyone identify this backdoor?"
Previous message: Jordan K Wiens: "Re: Multiple Security Vulnerabilities in Sharp Zaurus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 15:24:14 PDT