[10058] in bugtraq
Re: IE 5.0 allows reading and sending local files to a remote
daemon@ATHENA.MIT.EDU (root)
Wed Mar 31 13:18:34 1999
Date: Wed, 31 Mar 1999 09:27:58 +0200
Reply-To: root <sxpert@MULTIMANIA.COM>
From: root <sxpert@MULTIMANIA.COM>
To: BUGTRAQ@NETSPACE.ORG
This is a well known vulnerability in the microsoft product cited below=
.
This vulnerability was thought of having being taken care of in
Microsoft Internet Exploder 4.01 version, but apparently hasn't.
Amaury JACQUOT
ps : This message is a look like microsoft bug-advisory in content.
it is purely af fake, but the info is true... (just to poke fun at Micr=
osoft)...
Le mar, 30 mar 1999, vous avez =E9crit :
> There is a security bug in Internet Explorer 5.0, which allows readin=
g
> and
> sending local files to a remote server.
> The problem is a bug in the DHTML edit control, which allows pasting =
a
> filename in a FILE object. When the form is submitted via JavaScript,
> the
> contents of the file are sent to a remote server.
>
> Demonstration is available at: http://www.nat.bg/~joro/fr.html
>
> Workaround: Disable JavaScript
>
> I would like to thank Juan Cuartango
> (http://pages.whowhere.com/computers/cuartangojc/index.html) for his =
IE
> exploits,
> which helped me a lot for discovering this vulnerability!
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
--
Ing=E9nieur r=E9seau Esitcom Membre d'APRIL
Avoid software piracy, use FREE software.
http://www.multimania.com/sxpert
http://www.april.org
