02 Jun

file upload security problem

Check this out (but only if you trust me):

demo (source)

It relies on a bug in some browsers, where the “type” of an input box can be changed into “file” without clearing the value of the input.

Fixed in the latest version of Firefox ( Couldn’t test IE, as it sucks and couldn’t handle the JavaScript.

Tried this out on the lucky denizens of #linux (irc:irc.linux.ie), and was immediately rewarded with some exclamations of surprise that I’d gotten through their defenses.

Script works in Konqueror (tested 3.5.2) and Safari (1.3.2). Causes a strange rendering problem in Opera.

For those of you that are concerned that I now “ownz” your computer – /etc/passwd is safe. Passwords are stored in /etc/shadow. Anyway, I don’t store any of the files you’ve unwittingly uploaded.
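A regression check for the behaviour described above, added here as an example and not taken from the post or its demo source: it reports whether an input keeps its value when its type is switched to "file". The names `auditFileInput` and `fakeDocument` and the probe value are assumptions made for illustration, and the second probe (direct assignment to a file input) goes one step beyond the case in the text.

```javascript
// Added example, not code from the original post or its demo.
const PROBE = 'constructed-probe.txt'; // constructed value, not a real path

// Case from the post: does a typed value survive a switch to type="file"?
function typeSwitchKeepsValue(doc) {
  const el = doc.createElement('input');
  el.type = 'text';
  el.value = PROBE;
  el.type = 'file';
  return el.value !== '';
}

// Related case: can script assign a filename to a file input directly?
function scriptCanSetValue(doc) {
  const el = doc.createElement('input');
  el.type = 'file';
  try {
    el.value = PROBE; // current browsers throw InvalidStateError here
  } catch (e) {
    return false;
  }
  return el.value !== '';
}

function auditFileInput(doc) {
  const findings = [];
  if (typeSwitchKeepsValue(doc)) findings.push('value survives switch to type=file');
  if (scriptCanSetValue(doc)) findings.push('script can set file input value');
  return { safe: findings.length === 0, findings };
}

// Constructed stand-in for `document` so the audit also runs under Node.
// fixed=true models a patched browser, fixed=false models the bug.
function fakeDocument(fixed) {
  return {
    createElement() {
      let type = 'text', value = '';
      return {
        get type() { return type; },
        set type(t) { if (t === 'file' && fixed) value = ''; type = t; },
        get value() { return value; },
        set value(v) {
          if (type === 'file' && fixed && v !== '') throw new Error('InvalidStateError');
          value = v;
        },
      };
    },
  };
}
```

In a browser console, `auditFileInput(document)` runs the same two probes against the real DOM; under Node, pass `fakeDocument(true)` or `fakeDocument(false)`.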

  1. I tried the demo in FF in Ubuntu. The text box displayed /etc/passwd first but when it was converted to a file upload box the text disappeared. When I hit the submit button Gnome’s file requester appeared to browse for a file.

  2. There is no submit button 😉 That was the “browse…” button. We know then that the fix for Firefox was installed before then.

