Closed
Bug 290478
Opened 20 years ago
Closed 20 years ago
malicious webpage can filter keyboard strokes and specify a file for uploading from client
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: cmcauley, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
In the page at www.lemure.net/~chuck/hiddenForm_moz.html you can see a sample
code that demonstrates this problem. By filtering out keyboard events in a
specific order, it is possible to for a webpage to specify the file wanted for
upload. By combining this with CSS, the upload dialog becomes invisible and the
user in unaware of the fact that they are entering a file.
If this is combined with a website related to technical discussion or similar
that has users entering a lot of / \ and : then it becomes somewhat trivial to
upload files.
Reproducible: Always
Steps to Reproduce:
In the problem url specified, enter text into the text box. If a user types the
correct character, it will be captured and send focus to the file upload dialog.
This allows a webpage to specifiy a file name, in this example, C:\boot.ini.
Actual Results:
file upload
Expected Results:
Prevent shifting focus to/from file upload widget.
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 56326 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Comment 2•20 years ago
|
||
Dan: you've marked this as a dupe of the wrong bug.
Gerv
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 3•20 years ago
|
||
excuse the dyslexia
*** This bug has been marked as a duplicate of 56236 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Comment 4•19 years ago
|
||
This case was assigned to CVE-2006-2894 after disclosed at full-disclosure list:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
You need to log in
before you can comment on or make changes to this bug.
Description
•