[24407] in bugtraq
A reason for concern over ie's GetObject() vulnerabilities...
daemon@ATHENA.MIT.EDU (freewarecollector@hotmail.com)
Mon Feb 25 18:38:19 2002
Date: 25 Feb 2002 14:09:24 -0000
Message-ID: <20020225140924.7496.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <freewarecollector@hotmail.com>
To: bugtraq@securityfocus.com
When I read Georgi Guninski's article (on his site)
about the GetObject vulnerability, I wondered how
feasible it would be to actually open a temp. internet
file...
Guess what? It can be done fairly simply. This
doesn't seem too bad at first, but because most
major webmail services' messages are stored in temp. internet
files, this causes a pretty vast security glitch. Instead
of snitching cookies, somebody can perhaps also
read mail that you've already deleted...
Not good...
Here's some (still somewhat buggy) proof-of-concept
code...
for IE6:
www.geocities.com/freedatarecovery/hr6.html
for IE4:
www.geocities.com/freedatarecovery/hr4.html
Notes: when prompted, type in getmsg for the
DOS name (that's the file Hotmail uses) or ShowLe for
Yahoo.
Many error messages are going to come up, because this
just stabs in the dark to find a message.
Comments, questions? Email
freewarecollector@hotmail.com
+jestar