Bugtraq mailing list archives
Re: IE 5.0 allows reading and sending local files to a remote
From: sxpert () MULTIMANIA COM (root)
Date: Wed, 31 Mar 1999 09:27:58 +0200
This is a well known vulnerability in the microsoft product cited below. This vulnerability was thought of having being taken care of in Microsoft Internet Exploder 4.01 version, but apparently hasn't. Amaury JACQUOT ps: This message is a look like microsoft bug-advisory in content. it is purely af fake, but the info is true... (just to poke fun at Microsoft)... Le mar, 30 mar 1999, vous avez écrit :
There is a security bug in Internet Explorer 5.0, which allows reading and sending local files to a remote server. The problem is a bug in the DHTML edit control, which allows pasting a filename in a FILE object. When the form is submitted via JavaScript, the contents of the file are sent to a remote server. Demonstration is available at: http://www.nat.bg/~joro/fr.html Workaround: Disable JavaScript I would like to thank Juan Cuartango (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE exploits, which helped me a lot for discovering this vulnerability! Regards, Georgi Guninski http://www.nat.bg/~joro
-- Ingénieur réseau Esitcom Membre d'APRIL Avoid software piracy, use FREE software. http://www.multimania.com/sxpert http://www.april.org
Current thread:
- Re: IE 5.0 allows reading and sending local files to a remote root (Mar 30)