Bugtraq: Re: Netscape Exploit SOLVED

[robin.hood () IBM NET (Edwin Li-Kai Liu)]

Yusuf Motiwala wrote:

> Hello Paul,
>
> I think this will not work. First, on reload, netscape fills
> < INPUT TYPE=FILE ..> only if the file is local e.g. it will
> work with file:/myserver/rootpath/abc.html but will not work with
> http://myserver/abc.html.
First of all, I tried the "form field shift" effect on Netscape 4.0 and
it actually works. My investigation is under this condition: local file
html, reload instead of pressing enter on Location bar. I have created a
html document that contains a form on the local machine, I loaded it
into my browser. Then, I changed the form fields and reload the page
again. The data is in a correct order, but does not fit in the right
form field. I mean, the form data 'shifted' to another field.

The next problem would be, how can we make the client side reload this
page automatically? There would be several ways to accomplish. It will
work with JavaScript, but it 'might' also work if the document expiry
date is specified.

> Second, history.go(0) will not reload the file unless it is on local
> machine (or not in cache..????).
True, but I didn't remember if he mentioned that before.

--

Robin Hood
------------------------------------
Dreaming of a butterfly, fly into the sky.
¹Ú·QÅܦ¨½¹½º¡A­¸¤W¤ÑªÅ¡C