[26847] in bugtraq
Re: Security side-effects of Word fields
daemon@ATHENA.MIT.EDU (Kyle Duren)
Wed Aug 28 11:29:55 2002
Date: 27 Aug 2002 07:11:09 -0000
Message-ID: <20020827071109.2678.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Kyle Duren <acidrain_ask@pixitha.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020826212322.1137.qmail@mail.securityfocus.com>
Could you use this in say a network environtment?
change this around a bit to get files that someone else has access to, but
you dont?
ie: { IF { INCLUDETEXT { IF { DATE } = {
DATE } "\\servername\usershare\a.txt" "c:\\a.txt" } \* MERGEFORMAT }
= "" "" \* MERGEFORMAT }
Using the permissions of Bob to get a file that Alice doesn't and
shouldn't have access to.
I do not have a file server to test that one, so its only an idea.
"An eye for an eye only makes the whole world blind" - Ghandi
Kyle Duren
