res:// File Enumeration. Not on Windows, not using IE - but hell, it works!
July 26th, 2007
Robert talked here and here about some File Enumeration Issues in Internet Explorer using the res:// Protocol.
Additionally, the original discoverer - Billy Rios - created a Proof-Of-Concept Exploit for this issue, and here comes my pretty scary result of this exploit:
It detected all these pseudo-existent files included in Windows like c:\windows\system32\telnet.exe and xcopy.exe in 50ms and the nonexistent ones like c:\windows\system32\1234.dll and asdf.exe within 47.5ms.
THEN I was prompted to search for files on my box and see whether they’re existent or not, just like /etc/passwd and /var/log/auth.log, and for some which don’t even exist like /foo and /tmp/blub.
Now guess what, out of 6 tries RSnake’s tool produced SIX TRUE RESULTS for my Ubuntu Linux box, using reference values which were generated for a freaking Windows System. I have NO Windows installed and I visited the page using Firefox 2.0.0.5 - Now, I’m really scared of this PoC Exploit!