| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <002c01c4fa1c$25d87eb0$0100a8c0@grotedoos> Date: Fri, 14 Jan 2005 10:33:43 +0100 From: "Berend-Jan Wever" <skylined@...p.tudelft.nl> To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com> Subject: Internet Explorer valid JavaScript-file successfull load detection local file enumeration Hi all, Internet Explorer allows webpages on a remote server to load scripts from the local harddisk. These scripts get run in the remote server's security zone. This is not so much cross-site scripting but what I will call "cross-site loading" for now. Cross-site loading is not a new problem, a number of these bugs have been found already, most of which have not been fixed yet, even though the problem is over two years old now. Anyway, using this variant I constructed a webpage that will try to load a JavaScript that is present by default on win2k from various locations on your harddisk(s). If it succeeds, one can assume this is the windows installation directory. Demo and example: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html.php (I also added demos and examples for two other old, known and unfixed cross-site loading problems). FireFox does not allow any cross-site loading as far as I could tell, all three demo's do not work on it for that matter. Cheers, Berend-Jan Wever SMTP: <skylined@...p.tudelft.nl> HTTP: http://www.edup.tudelft.nl/~bjwever MSN: Skylined@...p.tudelft.nl IRC: SkyLined in #SkyLined on EFNET PGP: key ID 0x48479882 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists