Home page logo
/

bugtraq logo Bugtraq mailing list archives

A reason for concern over ie's GetObject() vulnerabilities... Hotmail...
From: <freewarecollector () hotmail com>
Date: 25 Feb 2002 14:09:24 -0000



When i read George Guninski's article (on his site) 
about the getobject vulnerability, I wondered how 
feasible it would be to actually open a temp. internet 
file...
Guess what? It can be done fairly simply.  This 
doesn't seem too bad at first, but because most 
major webmail msgs are stored in temp. internet 
files, this causes a pretty vast security glitch.  Instead 
of snitching cookies, somebody can perhaps also 
read mail that you've already deleted...
Not good...
Here's some (still somewhat buggy) proof of concept 
code...
for ie6
www.geocities.com/freedatarecovery/hr6.html
for ie4
www.geocities.com/freedatarecovery/hr4.html

Notes: when prompted, type in getmsg for the 
dosname (that's the file hotmail uses) or ShowLe for 
yahoo
Many error msgs are going to come up, because this 
just stabs in the dark to find a msg.
Comments, questions? email 
freewarecollector () hotmail com
+jestar


  By Date           By Thread  

Current thread:
  • A reason for concern over ie's GetObject() vulnerabilities... Hotmail... freewarecollector (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault