Bugtraq mailing list archives
Re: Netscape Exploit
From: john () LOVERSO SOUTHBOROUGH MA US (John Robert LoVerso)
Date: Mon, 16 Jun 1997 16:28:10 -0400
Edwin, I find this message thread annoying because no one here actually knows the details of the bug or how to exploit it, yet the subject line hints otherwise. I give you, Edwin, great credit for all the work you did in actually trying something before saying "just use file upload and JavaScript", because it does not just work that way. As history, I *found* a bug with JavaScript and file upload about 16 months ago in Netscape 2.01, just a few days after that release. I did not release details of that bug until 2.02 was released. However, I never got a $1000 "bounty" for that bug (although I did for something earlier). If you've an old browser around (as this was fixed around 3.0b2, I think), you can try it at http://www.opengroup.org/~loverso/javascript/ and look for the entry dated March 21, 1996. John
Current thread:
- Re: Netscape Exploit Justin C. Ferguson (Jun 14)
- SunOS 4.1.4 ftp serious bug Homer W. Smith (Jun 15)
- Re: SunOS 4.1.4 ftp serious bug Francesco Messineo (Jun 16)
- Re: SunOS 4.1.4 ftp serious bug Joe Zbiciak (Jun 16)
- <Possible follow-ups>
- Re: Netscape Exploit Edwin Li-Kai Liu (Jun 15)
- Re: Netscape Exploit John Robert LoVerso (Jun 16)
- Re: Netscape Exploit Sevo Stille (Jun 15)
- SunOS 4.1.4 ftp serious bug Homer W. Smith (Jun 15)