TUCoPS :: Browsers :: hack0845.htm

Internet Explorer Local File/Directory Detection
Internet Explorer Local File/Directory Detection 

Description:
============

This vulnerability, are based on the equal characteristics discovered by the
company GreyMagic Software of Israel in some of the versions of the
navigator Opera.

This bug also is available in the popular MS Internet Explorer, which could
be operated by a remote user to acquire sensible data of a remote system.
When a file or directory is assigned iframe that does not exist, this
navigator will generate an error. A remote user can create code HTML that
loads iframe and changes to the URL from this resource to a file or local
directory, and then detects if there is that error to determine if that
element exists.


Proof Of Concept (POC/Exploit):
===============================

-------------------------

 


-------------------------


Tested on:
==========

MS Internet Explorer 6.0.2800.1106 (SP1,Q867801) Win9x
MS Internet Explorer 5.0 Windows 2000

Also in Mozilla Firefox without success.


More Info:
==========

Opera Local File/Directory Detection.
http://www.greymagic.com/security/advisories/gm009-op/ 


Disclaimer:
===========

The information in this advisory and any of its demonstrations is provided
"as is" without warranty of any kind.

We are not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory. 


Version en
Espaņol:
===================
http://www.rzw.com.ar/article1820-Internet-Explorer-deteccion-remota-d e-directorio-o-archivo-local

-- 
Martin [XyborG] Aberastegue
http://www.rzw.com.ar 
http://www.lafrase.net 

NEU: Bis zu 10 GB Speicher für e-mails & Dateien!
1 GB bereits bei GMX FreeMail http://www.gmx.net/de/go/mail

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH