Re: IE 5.0 allows reading and sending local files to a remote

[sxpert () MULTIMANIA COM (root)]

This is a well known vulnerability in the microsoft product cited below.
This vulnerability was thought of having being taken care of in
Microsoft Internet Exploder 4.01 version, but apparently hasn't.

Amaury JACQUOT

ps: This message is a look like microsoft bug-advisory in content.
it is purely af fake, but the info is true... (just to poke fun at Microsoft)...

Le mar, 30 mar 1999, vous avez écrit :
> There is a security bug in Internet Explorer 5.0, which allows reading
> and
> sending local files to a remote server.
> The problem is a bug in the DHTML edit control, which allows pasting a
> filename in a FILE object. When the form is submitted via JavaScript,
> the
> contents of the file are sent to a remote server.
>
> Demonstration is available at: http://www.nat.bg/~joro/fr.html
>
> Workaround: Disable JavaScript
>
> I would like to thank Juan Cuartango
> (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE
> exploits,
> which helped me a lot for discovering this vulnerability!
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
--
Ingénieur réseau Esitcom        Membre d'APRIL
Avoid software piracy, use FREE software.
http://www.multimania.com/sxpert
http://www.april.org