Bugtraq mailing list archives
Full source for File field vulnerability
From: Billy Nothern <disk_key () HOTMAIL COM>
Date: Fri, 8 Dec 2000 16:30:35 -0000
I've gotten a lot of mails asking for the full source, so here's a link: http://attrition.org/security/key/

There are two versions there. One for IE 5 and one for IE 4. It wasn't mentioned in the Microsoft Advisory that IE 4 could be vulnerable to this attack, but my tests have shown that it is.

The IE 4 version is basically a hacked-up copy of the IE 5 exploit. I do things in a different order in the IE 5 version than I do in the IE 4 exploit. For example, focus is kept on the File field, while my script populates the userInput field with the user's keystrokes.

This vulnerability seems to come from the fact that a script can catch a user's keystroke and modify it (window.event.keyCode), and the modified key is sent to the focused window. Bad thing to happen.

Thanks to Attrition for hosting my files!

Goodbye,
key
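
A defender-side check for the pattern the post describes, as an added example that is not part of the original post or of the linked source: it flags pages that both contain a file input and assign to `keyCode` in script. The name `auditPage` and the sample pages are constructed for illustration, and the regex matching is a heuristic rather than a real HTML/JavaScript parser.

```javascript
// Added example: heuristic audit for script that rewrites keystrokes on a
// page that also holds a file-upload field. Sample pages are constructed.
const SAMPLES = {
  rewrites: `<form><input type="file" name="upload">
<input type="text" name="userInput"></form>
<script>
document.onkeydown = function () {
  var typed = window.event.keyCode;   // read only: not flagged
  window.event.keyCode = 0;           // assignment: flagged
};
</script>`,
  readsOnly: `<input type=file name=upload>
<script>document.onkeydown = function () { if (event.keyCode == 13) send(); };</script>`,
  noFileField: `<input type="text" name="q">
<script>function k() { event.keyCode = 0; }</script>`,
};

// Assignment (plain or compound) to keyCode, but not ==, ===, !=, <=, >=, =>.
const KEYCODE_WRITE = /\bkeyCode\s*(?:[-+*\/%|&^]|<<|>>>?)?=(?![=>])/;
const FILE_FIELD = /<input\b[^>]*\btype\s*=\s*["']?file\b/i;

function auditPage(html) {
  const sources = [];
  let m;
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  while ((m = scriptRe.exec(html)) !== null) sources.push(m[1]);
  // Inline handlers such as onkeydown="..." carry script too.
  const attrRe = /\bon\w+\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  while ((m = attrRe.exec(html)) !== null) sources.push(m[1] ?? m[2]);

  const writes = [];
  for (const src of sources) {
    // Drop comments so commented-out code is not reported.
    const code = src.replace(/\/\*[\s\S]*?\*\/|\/\/[^\n]*/g, "");
    for (const line of code.split("\n")) {
      if (KEYCODE_WRITE.test(line)) writes.push(line.trim());
    }
  }
  const hasFileField = FILE_FIELD.test(html);
  return { hasFileField, writes, risky: hasFileField && writes.length > 0 };
}

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditPage(html)));
}
```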