
RE: Access from a local file



> Date: Wed, 17 Feb 2010 11:18:03 -0800
> From: mogulguy@xxxxxxxxx
> Subject: Re: Access from a local file
> To: or-talk@xxxxxxxxxxxxx
> One of the reasons is to prevent malicious users from including file:// URLs in an external webpage. With file:// URLs, a webpage could be designed to test for the existence of local files on your computer.

How? Same origin policy prevents an external website from accessing any local files directly. And the 'onload' trick detailed at
http://72.32.12.210/archives/vulnwatch/2002-q2/0032.html
doesn't work (FF2 OSX anyway) because the images or iframes never load from local resources at all.
Do you have a Proof of Concept?

GD

