Media Player: Local File Detection Vulnerability
测试方法:
[www.sebug.net]
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
*** Windows Media Player Plugin: Local File Detection Vulnerability ***
A design flaw in Windows Media Player 11 allows a remote attacker to determine the \
presence of local files (programs, documents, etc.). I sent an e-mail to Microsoft \
(nearly a year ago) but they never responded…
Windows Media Player permits to open locally stored media-files. Opening \
non-supported files usually provokes an error message. By a simple HTTP-redirect, the \
error message can be circumvented. Local files can be opened. The \
file-opening-procedure can be controlled with the “Player.OpenStateChange Event”. If \
a file exists, event 8 (”MediaChanging”) is fired. This way, via JavaScript, a \
malicious web site could determine the presence of local (and remote) files.
Additional infos (in German): www.lrv.ch.vu
I’ve also set up a demo page at: http://lrv.bplaced.net/wmp/wmp.php
// sebug.net [2009-10-31]
您好,做个友情链接,贵站的已经做好
名称:短线是银
网址:www.dxexpert.cn
--------------------------------------------------------------
2009-11-02 22:53已通过
By:英雄
你好 申请友情连接 ,贵站连接已做好 ,请审核
------------------------------------------------------------------
2009-11-06 10:16已通过
By:英雄
你好 我想请问一下贵站首页的背景音乐是在哪里下载的 可否提供一个下载地址给我
2009-11-12 01:57我邮箱[email protected]
我QQ703764197
-------------------------------------------------------------------------------------------
http://www.att4ck.com/images/tenyears.mid即可下载
By:英雄