[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security holes in JavaScript/Netscape 2.0 (fwd)

I was just checking out some of the JavaScript security issues raised recently,
and it seems to me something even more evil than merely getting the directory
hierarchy of a client's machine can be performed.  The script at
http://www.c2.org/~aelana/javascript.html will not only tell me WHAT files are
on my machine.  It will print their contents, too - at least in the
stealWindow. This includes files like /etc/passwd, /etc/exports, etc.

Now I don't fully understand John's script yet, so is there something I'm
missing here?  Admittedly, I haven't tried setting up things myself and
actually transferring the files back to my server, but what is it exactly that
allows the transfer of the directory information placed in the stealWindow back
to the server and yet not transfer actual file contents?


  d a t a b a s e s    a r e   i n   o u r  g e n e s
  Brian Karlak   bkarlak@panbio.com  (510) 337-7910 ph
  Manager, SciApps Group             (510) 522-9394 fx
  P  A  N  G  E  A     S  Y  S  T  E  M  S     I  N  C
This message came from the mailing list javascript. For help using the
mailing list software, please send a message to 'majordomo@obscure.org'
with the message body 'help'. To unsubscribe, send a message to
'majordomo@obscure.org' with the message body 'unsubscribe javascript'.