Microsoft IE local file reading vulnerability

Vulnerability Details

Disclosure status ：

2010-08-02： Actively contact the manufacturer and wait for the manufacturer to claim , Details are not made public
2010-08-02： Manufacturers have taken the initiative to ignore vulnerabilities , The details are made public

A brief description ：

Microsoft IE There are some problems when dealing with access to local files , Combining with Microsoft windows The feature may be able to read some local special files , There may be other uses .

Detailed instructions ：

As a browser, it is inevitable to deal with the problem of cross domain resource access , Then some tags that must allow cross domain, such as iframe,script,style, These tags allow parsing of files in certain formats , If it conforms to javascript Syntax file , accord with css Syntax file , Once local, these files contain sensitive data , Cross domain reading is allowed , Microsoft throws an error when accessing local files （ Can be used to determine whether local files exist ）, But the use of windows Features can bypass this limitation , By default c$ Oh ,win7+ie8 The test passed

<script src="\\127.0.0.1\c$\something.js"></script>

Vulnerability to prove ：

Travel early security_id It is stored in a local file in a fixed location , adopt script You can reference this file , At the same time, combine some javascript You can get the security_id So as to carry out various operations remotely .

Repair plan ：

Think about it , Anyway, loopholes are like IIS File parsing is the same , It has little effect on you

Copyright notice ： Please quote source for reprint   Kekkaishi @ Dark clouds