[10066] in bugtraq
Re: IE 5.0 allows reading and sending local files to a remote
daemon@ATHENA.MIT.EDU (Andrew Tulloch)
Wed Mar 31 15:44:51 1999
Date: Wed, 31 Mar 1999 09:14:47 +0100
Reply-To: Andrew Tulloch <frohicky@TECHNOLOGIST.COM>
From: Andrew Tulloch <frohicky@TECHNOLOGIST.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3700FD44.B8B@nat.bg>
If you look under scripting options in security settings there is the option
"Allow paste via script" simply turning this to disabled provides this
result:
<paste>
See the contents of your file among the other stuff
----------------------------------------------------------------------------
----
-----------------------------7cf26c3b6a8 Content-Disposition: form-data;
name = "a"; filename="" Content-Type:
application/octet-stream -----------------------------7cf26c3b6a8--
</paste>
which as far as I see has disabled the reading of local files and is a
little less drastic than disabling all JavaScript.
Regards,
Andrew Tulloch
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@netspace.org]On Behalf Of Georgi
> Guninski
> Sent: 30 March 1999 17:35
> To: BUGTRAQ@netspace.org
> Subject: IE 5.0 allows reading and sending local files to a remote
> server
>
>
> There is a security bug in Internet Explorer 5.0, which allows reading
> and
> sending local files to a remote server.
> The problem is a bug in the DHTML edit control, which allows pasting a
> filename in a FILE object. When the form is submitted via JavaScript,
> the
> contents of the file are sent to a remote server.
>
> Demonstration is available at: http://www.nat.bg/~joro/fr.html
>
> Workaround: Disable JavaScript
>
> I would like to thank Juan Cuartango
> (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE
> exploits,
> which helped me a lot for discovering this vulnerability!
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
>
