Vulnerability Development
mailing list archives
All systems with Internet Explorer IE 6.x /OPERA getting Files into your disk even if download is DISABLED Can be used also by BAD webs to fill your DISK
From: "Adonis.No.Spam" <adonis1 () videotron ca>
Date: Sat, 16 Mar 2002 07:50:55 -0500
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|----|----|----|----|----|
...................................................
.---------------.
/ NtWaK0 Bugs \
+-----------------------------------------------------------------------.
:
Affected : All systems with Internet Explorer IE 6.x /OPERA :
Type : getting Files into your disk even if download is :
Type : DISABLED. Can be used also by BAD webs to fill your DISK :
Date : 15-03-2002 :
Author : NtWaK0 @ www.SafeHack.com :
+-----------------------------------------------------------------------.
+---------------------.
Device Identification \
+-----------------------`-----------------------------------------------.
:
+-----------. :
Disclaimer \ :
+-------------`---------------------------------------------------------.
The information in this advisory is believed to be true based on :
experiments, though it may be false. The opinions expressed in this :
advisory and program are my own and NOT of any company. :
In fact I do not work for anyone at the present time. :
:
This material is presented for informational and entertainment purposes :
only, and to satisfy the curious. Any activities described in this file :
which involve vandalism, theft, or any other illegal activities are :
recounted from third-party conversations. I do not condone or encourage :
vandalism or theft. I do not accept any liability for anything anyone :
does with this information. :
Remember: Use a computer in ways that ensure respect for your fellows. :
:
+-------------. :
Brief History \ :
+---------------`-------------------------------------------------------.
This is not a BIG issue but still something that needs to be addressed. :
:
Internet Explorer 6.x allows you to save a file even if your security :
setting is HIGH (file download is disabled). Read below for more details:
:
Opera will auto-download files with a .cab extension as soon as you open :
the HTML page. :
:
Internet Explorer and Opera are affected by this. Mozilla acts PRETTY OK. :
:
+---------------------------+ :
Test OS Applications <<< :
+---------------------------+ :
Tested on Windows 2k and XP :
Tested on IE 6.x and Opera :
:
+-----------. :
The Problem \ :
+-------------`---------------------------------------------------------.
If you are using IE 6.x (latest) you can still get files onto your hard :
disk EVEN if IE security is HIGH, which makes download DISABLED. :
:
IE 6.x by default will save all .gif, .cab, .jpg etc. files when you click :
"SAVE AS" FROM THE MENU. :
This will save whatever .gif or .cab is linked to the page. :
:
That may FILL UP your hard disk if someone has played some tricks with :
the HTML page that you are saving. :
To see the effect do this: :
:
1- Make sure to set your Internet Explorer security to HIGH :
(this will disable file downloads). This means you should not accept :
any file onto your hard disk. :
2- From the IE menu click "File" then "Save As". :
This will save this page to your disk and it will save whatever files I :
linked to this page. In this test page I linked 2 files in src tags. :
You can see that if you check the source of this page. :
:
TEST PAGE http://www.safehack.com/testpage/testsave.htm <<< :
:
This page will save 2 files on your disk, about 2.5 meg, so be careful :
if you are on a slow link. :
:
Imagine someone puts 20 hidden images in an HTML page that point to :
src="test.cab" X 20 and every file is, let us say, 100 Meg. :
When you save you won't write ONLY 100 Meg X 20, NO, you will write :
100 Meg X 40, because IE has to get each file into a tmp folder first :
and then copy it to your disk. :
:
Ah, this can be used in another way too. How about you put one or two :
src="test.cab" src="test1.gif" on all your web pages and the src is :
linked to a 500 MEG file; in this case NO ONE CAN SAVE YOUR PAGES unless :
they want to get the 500 meg file too. Sure, this can be avoided if you :
know how to save HTML using another method. :
:
Opera will auto-save the .cab file as soon as you open the HTML page. :
Another problem with Opera is that even if you have a small cache size :
the file will still get saved and renamed. :
:
To see that, set your Opera cache size to one meg and re-open this page; :
you will notice that Opera did in fact save the file and renamed it. :
:
:
+------------. :
The Solution \ :
+--------------`--------------------------------------------------------.
Before you save a page make sure you check the source. Yes, it is not the:
best way, but at least you know what to expect. Look at every src :
attribute: anything that points at a .cab or other non-image file, or at :
an image you cannot see on the page, will be fetched when you save. :
+-----------------------------------------------------------------------.
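As an added example (not part of the original advisory, and not NtWaK0's test page), here is a small Python audit of the kind of check the solution above asks for: it parses a page's source, lists every file the browser would fetch through src/href/data attributes, and flags anything that matches the trick described in "The Problem" (a non-image such as a .cab behind an <img>, or an image that is hidden with zero size or display:none). The sample page it builds is constructed here to mirror the 20-hidden-images scenario; the base URL example.invalid and all function names are assumptions.

```python
"""Audit the resources an HTML page will pull in when it is saved with
"Save As" (or, for Opera per the advisory, merely opened).

Added example, not code from the original advisory or from safehack.com.
The sample page is constructed here to mirror the trick the advisory
describes; example.invalid and every name below are assumptions."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# Attributes through which a tag makes the browser fetch a second file.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "embed": ("src",), "object": ("data",), "link": ("href",),
    "input": ("src",),
}
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp"}
# Extensions that have no business behind an <img> on a page you save.
SUSPICIOUS_EXTS = {".cab", ".exe", ".zip", ".msi"}


def is_hidden(attrs):
    """True if the element would not be visible on the rendered page."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (attrs.get("width") == "0" or attrs.get("height") == "0"
            or "display:none" in style or "visibility:hidden" in style
            or "hidden" in attrs)


class ResourceCollector(HTMLParser):
    """Collects every URL the page tells the browser to fetch."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)        # boolean attrs (e.g. hidden) map to None
        for name in FETCH_ATTRS.get(tag, ()):
            url = attrs.get(name)
            if url:
                self.resources.append({"tag": tag,
                                       "url": urljoin(self.base_url, url),
                                       "hidden": is_hidden(attrs)})


def audit_page(html, base_url):
    """Return (all fetched resources, the subset that looks like a trap)."""
    parser = ResourceCollector(base_url)
    parser.feed(html)
    parser.close()
    findings = []
    for res in parser.resources:
        ext = posixpath.splitext(urlsplit(res["url"]).path)[1].lower()
        reasons = []
        if res["tag"] == "img" and ext not in IMAGE_EXTS:
            reasons.append("non-image file in <img src>")
        if ext in SUSPICIOUS_EXTS:
            reasons.append("archive/installer extension " + ext)
        if res["hidden"]:
            reasons.append("element is hidden")
        if reasons:
            findings.append({**res, "ext": ext, "reasons": reasons})
    return parser.resources, findings


def summarize(findings):
    """Flagged URL -> how many times the page references it."""
    counts = {}
    for f in findings:
        counts[f["url"]] = counts.get(f["url"], 0) + 1
    return counts


def build_trap_page(n_hidden=20, payload="test.cab"):
    """Constructed sample: one visible image, one hidden image, and
    n_hidden zero-size <img> tags all pointing at the same .cab."""
    hidden = "\n".join(f'<img src="{payload}" width="0" height="0">'
                       for _ in range(n_hidden))
    return ('<html><head><title>test</title>\n'
            '<link rel="stylesheet" href="style.css"></head>\n<body>\n'
            '<img src="logo.gif" width="100" height="40">\n'
            '<img src="test1.gif" style="display: none">\n'
            f'{hidden}\n</body></html>')


if __name__ == "__main__":
    base = "http://example.invalid/testpage/page.htm"   # assumed URL
    resources, findings = audit_page(build_trap_page(), base)
    print(f"{len(resources)} resources would be fetched, "
          f"{len(findings)} look like traps:")
    for url, n in summarize(findings).items():
        print(f"  {n:3d}x {url}")
```

On the constructed page the audit lists 23 fetches (the stylesheet, the visible logo, the hidden test1.gif and 20 copies of test.cab) and flags 21 of them; the per-URL counts from summarize() are exactly the multiplier the advisory's "100 Meg X 20" arithmetic starts from. Feed it the saved source of any page before you click "Save As" and the flagged list is what the check in "The Solution" would have you look for by hand.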
________________________________________________________________________
"The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and I'm
not even too sure about that one" -- Dennis Hughes, FBI.
________________________________________________________________________
Connect yourself to the main computer and let me take you to a
cybernetic ride. Are you connected to the right cybernet? If you are,
finally you are connected to my brain.
________________________________________________________________________
-=- Use a computer in ways that ensure respect for your fellows -=-