Full Disclosure mailing list archives

Re: file upload widgets in IE and Firefox have issues


From: Charles McAuley <cmcauley () imperfectnetworks com>
Date: Mon, 12 Jun 2006 14:22:02 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Danny wrote:
> Hi,
>
> I read your article, but since I am not at all at home when scripting
> comes up, I still am wondering what this issue is exactly.

My web-foo is not that strong either.
Bart van Arnhem made a much better example in IE than I did.
As he says, just simply bang on the keyboard a lot.  Make sure to press
the : char and the \ char for a full string.  You'll eventually see
c:\boot.ini appear.

> Could you give me an example to clarify things for a non-English
> speaking fella?


In this wonderful, everything-is-web-driven world, it's entirely
possible that you might type enough text into a web application in order
to filter out all the keys necessary to upload an arbitrary file off of
a computer.  For instance, into your webmail, or Experts-Exchange
forums, or Google's new spreadsheet app, or a typing tutor program.

Is this that big a deal?  It depends entirely on your web surfing habits.


> Also, what is this "file input box"? Are these the boxes in forms where
> one is supposed to fill in the name, address, password, etc.?


It's the input widget...
<input type="file" name="uploadme" >
where you choose a file to upload from YOUR computer to a WEBSERVER.


> Sorry for not understanding it completely, it seems to me you have been
> busy digging out stuff the programmers should have checked in the first
> place.


These flaws were reported a year ago, confirmed, and ignored by both
Mozilla and Microsoft.  I marked the bug on Mozilla's site with the
security flag; it was their call to remove it.  Also, I wasn't the first
or last person to find this problem _independently_.  This has been
known to the Mozilla group since 2000.  Surely they could have done
something by now?

After a year, I figured I'd just let other people know about it; maybe then
it would get fixed.  Do I think this is a huge gaping security hole?
Not right now, but Bart's code definitely shows what can be done if
other people keep banging away.

I'd like to repeat myself on that last point.
Security Impact: Minor

> Nice job there, I just hope I can fully understand it.
>
> Kind regards,
>
> Danny



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEjbDJyZFfwQJZqy8RAuDlAJ4uWUEEkDuPiNOZr9v2H9M7E63ayQCdEToT
S/Q3tXdbTxqOLdbDUA+IaFA=
=UJw+
-----END PGP SIGNATURE-----
