[8637] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Trev)
Wed Nov 25 19:20:42 1998
Date: Wed, 25 Nov 1998 14:13:05 -0800
Reply-To: Trev <trev@KICS.BC.CA>
From: Trev <trev@KICS.BC.CA>
X-To: Ben Collins <bmc@VISI.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981125124832.D3883@visi.net>
At 12:48 PM 11/25/98 -0500, Ben Collins wrote:
>If some one here can setup a webpage, send me the URL, have that page read
>the file '/test.txt' from my hardrive and then that person send the
>contents to this list, I will believe. Otherwise I think this whole
>hysteria over 'unforseen' dangers should stop.
I've whipped up a couple of demos of this bug that send the contents to a
cgi. There is a windows version that I know works, and a unix version I
can't test because my linux box is down (it's a hardware thing). This is
for anyone who has doubts....
http://www.kics.bc.ca/~trev/cgi-bin/test.html (Windoze)
http://www.kics.bc.ca/~trev/cgi-bin/test-unix.html (UNIX)
And yes, it can email it to you if you like :)
Trev
