Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE 5.0 allows reading and sending local files to a remote

From: frohicky () TECHNOLOGIST COM (Andrew Tulloch)
Date: Wed, 31 Mar 1999 09:14:47 +0100

If you look under scripting options in security settings there is the option
"Allow paste via script" simply turning this to disabled provides this
result:

<paste>
See the contents of your file among the other stuff
----------------------------------------------------------------------------
----
-----------------------------7cf26c3b6a8 Content-Disposition: form-data;
name = "a"; filename="" Content-Type:
application/octet-stream -----------------------------7cf26c3b6a8--
</paste>

which as far as I see has disabled the reading of local files and is a
little less drastic than disabling all JavaScript.

Regards,

Andrew Tulloch


-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () netspace org]On Behalf Of Georgi
Guninski
Sent: 30 March 1999 17:35
To: BUGTRAQ () netspace org
Subject: IE 5.0 allows reading and sending local files to a remote
server


There is a security bug in Internet Explorer 5.0, which allows reading
and
sending local files to a remote server.
The problem is a bug in the DHTML edit control, which allows pasting a
filename in a FILE object. When the form is submitted via JavaScript,
the
contents of the file are sent to a remote server.

Demonstration is available at: http://www.nat.bg/~joro/fr.html

Workaround: Disable JavaScript

I would like to thank Juan Cuartango
(http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE
exploits,
which helped me a lot for discovering this vulnerability!

Regards,
Georgi Guninski
http://www.nat.bg/~joro
Previous By Date Next
Previous By Thread Next

Current thread: