Check this out (but only if you trust me):
It relies on a bug in some browsers, where the “type” of an input box can be changed into “file” without clearing the value of the input.
Tried this out on the lucky denizens of #linux (irc:irc.linux.ie), and was immediately rewarded with some exclamations of surprise that I’d gotten through their defenses.
Script works in Konqueror (tested 3.5.2) and Safari (1.3.2). Causes a strange rendering problem in Opera.
For those of you that are concerned that I know “ownz” your computer – /etc/passwd is safe. Passwords are stored in /etc/shadow. Anyway, I don’t store any of the files you’ve unwittingly uploaded.