Red Hat Bugzilla – Bug 188803
CVE-2006-1729 File stealing by changing input type
Last modified: 2007-11-30 17:07:24 EST
File stealing by changing input type
Claus JÃ¸rgensen reports that a text input box can be pre-filled with a
filename and then turned into a file-upload control with the contents
intact, allowing a malicious website the ability to steal any local file
whose name they can guess.
Jesse Ruderman reports a variation, changing the type of the input control
in an event handler to work around some of the initial checks.
Upgrade to fixed version.
This issue also affects RHEL3
This issue also affects RHEL2.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.