[26131] in bugtraq
Exploit: TL003/Dot Bug = Reading Non-Parsable Files
daemon@ATHENA.MIT.EDU (Matthew Murphy)
Thu Jul 11 18:24:39 2002
Message-ID: <002501c2285f$89c83a00$e62d1c41@kc.rr.com>
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 10 Jul 2002 17:17:11 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
I have produced an exploit, based on Thor's advisory about
the OBJECT Cross-Domain scripting attack, that allows users
to read some types of files (e.g, INI, BAT, ...) that aren't
normally readable through most vulnerabilities.
The exploit is available at:
http://www.murphy.101main.net/localread.htm
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
