[8630] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Trev)
Wed Nov 25 00:40:04 1998
Date: Mon, 23 Nov 1998 14:05:16 -0800
Reply-To: Trev <trev@KICS.BC.CA>
From: Trev <trev@KICS.BC.CA>
X-To: Georgi Guninski <guninski@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981123183640.207.qmail@hotmail.com>
At 10:36 AM 11/23/98 PST, Georgi Guninski wrote:
>There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for
>WinNT 4.0
>(probably others)
FYI: It also works on 4.04 for Win95 but the opening of the new navigator
window is a dead giveaway, though it would be less suspicious to load the
directory listing into a mini frame with some actual content in the other.
I would guess you could code up some javascript to url encode the contents
of the file and send it to a malicious cgi that could read it from the
query string. There are no warnings given for information submitted via
the "get" method.
Trev
