Internet Explorer, Opera & Safari Local File Access Proof Of Concept


A) Installed Software Scan Proof Of Concept

This POC scans your local hard drive looking for installed software. The results of this scan are for your eyes only and are not sent to anyone else. The purpose of the demo is to show an information leak in the Internet Explorer, Opera & Safari browsers that allows a web site to find out which Windows applications are installed on your local system. The scan takes about 15 seconds to complete.


B) Local File Access Proof Of Concept

This POC accesses files on your local hard drive and renders them in your browser.

1) Bgsound tag trying to play local wave file C:\WINDOWS\Media\Windows XP Startup.wav & C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma

2) Image tag trying to access local image file C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg

3) Input tag trying to access local bmp file C:\WINDOWS\Greenstone.bmp

4) Embed tag trying to access local pdf file C:\test.pdf (copy a pdf file to the C drive and rename it to test.pdf)

5) Object tag trying to access local midi file C:\test.mid (copy a midi file to the C drive and rename it to test.mid)

6) Script tag trying to access local JavaScript file C:\test.js (create a JavaScript file named test.js on the C drive)

7) Body tag trying to access local gif file C:\test.gif as background image (copy a gif file to the C drive and rename it to test.gif)

8) Style tag trying to access local jpg file C:\test.jpg as background image (copy a gif file to C drive and rename it to test.jpg)
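
For filtering or review, the eight cases above reduce to one pattern: markup delivered by a remote site whose resource attribute or CSS url() points at a local path. The following is an added example, not part of the original POC. The attribute names, the `findLocalFileRefs` helper and the sample markup are assumptions, since the page does not show the POC's own HTML.

```javascript
// Added example: flag local-file references in HTML received from a remote site.
// Tag/attribute pairs follow the eight cases listed above (attribute names assumed).
const LOCAL_ATTRS = {
  bgsound: ["src"], img: ["src"], input: ["src"], embed: ["src"],
  object: ["data"], script: ["src"], body: ["background"],
};
// file: URLs, drive-letter paths (C:\ or C:/) and UNC paths (\\host\share).
const LOCAL_PATH = /^\s*(?:file:|[a-z]:[\\/]|\\\\)/i;

// Collect url(...) targets in a CSS fragment that resolve to a local path.
function collectCssUrls(css, tag, findings) {
  for (const [, value] of css.matchAll(/url\(\s*["']?([^"')]+)["']?\s*\)/gi)) {
    if (LOCAL_PATH.test(value)) findings.push({ tag, attr: "css-url", value });
  }
}

// Regex-based heuristic, not a full HTML parser: good enough for log or
// proxy triage, but a '>' inside an attribute value will cut a tag short.
function findLocalFileRefs(html) {
  const findings = [];
  for (const [, rawTag, attrs] of html.matchAll(/<([a-z][a-z0-9]*)\b([^>]*)>/gi)) {
    const tag = rawTag.toLowerCase();
    const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
    for (const m of attrs.matchAll(attrRe)) {
      const name = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4] ?? "";
      if ((LOCAL_ATTRS[tag] || []).includes(name) && LOCAL_PATH.test(value)) {
        findings.push({ tag, attr: name, value });
      }
      if (name === "style") collectCssUrls(value, tag, findings); // inline CSS
    }
  }
  for (const [, css] of html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style>/gi)) {
    collectCssUrls(css, "style", findings); // <style> blocks (case 8)
  }
  return findings;
}

// Constructed sample input; the local paths are the ones named in the list above.
const SAMPLE = [
  '<body background="C:\\test.gif">',
  '<bgsound src="file:///C:/WINDOWS/Media/Windows XP Startup.wav">',
  '<img src="/images/logo.png">',
  '<style>div { background: url(file:///C:/test.jpg); }</style>',
  '<script src="https://example.com/app.js"></script>',
].join("\n");

console.log(findLocalFileRefs(SAMPLE));
```

Ordinary relative and http(s) references are not reported, so a non-empty result on remotely served content is worth a closer look.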