


Full Disclosure: Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

From: Joseph Hick <leet16y_at_yahoo.com>
Date: Mon, 2 Jul 2007 02:01:45 -0700 (PDT)

Oh! I was wrong. I didn't see file1's value is
assigned to text1's value.

Certainly, it is a flaw, as nicely explained by
Zalewski.

I wrote a PoC myself and found that it's not necessary
to put focus on the label. Focussing the file input
also works. I succeeded in writing the same PoC
without a label with minor modifications.

--- Martin Thurau <laus_at_hrnz.net> wrote:

> I had exactly the same thoughts. The only thing to wonder is why
> Firefox processes the actual input after it did the "onkeydown". But this
> is only "weird" and not a "flaw".
>
>
> Joseph Hick wrote:
> > I didn't understand your PoC.
> >
> > You are copying the value of textarea into the file
> > input yourself using this code.
> >
> > document.getElementById("text1").value=document.getElementById("file1").value;
> > document.getElementById("text1").focus();
> >
> > So how is it a flaw?
> >
> >
> > --- carl hardwick <hardwick.carl_at_gmail.com> wrote:
> >
> >> New flaw found in Firefox 2.0.0.4: Firefox file
> >> input focus vulnerabilities:
> >> [...]
> >> PoC here:
> >> http://yathong.googlepages.com/FirefoxFocusBug.html
> >>
> >> credits by - Hong
> >>

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jul 02 2007
