Safari version 3.0.3 allows for arbitrary file uploads.
8489ee641a4ca6b92c2fe0637101f9baf5bf81edb10606acfab99ef50e353bbeProduct: Safari browser for windows
Tested on: Last version ( 3.0.3 )
Download url :http://www.apple.com/safari/
Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitry file upload
Impact: Critical
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Conclusion
===============
1) Introduction
===============
"Now you can enjoy worry-free web browsing on any computer.
Apple engineers designed Safari to be secure from day one."
======
2) Bug
======
safari browser doesn't prompt for a download, it just download the file and send it directly
on the desktop, which is totally unsecure on a windows operating system.
==================
3)proof of concept
==================
http://dams083.free.fr/tmp/index.php
( will upload a .pif directly on your desktop without any prompt ... )
=============
4) Conclusion
=============
Any potentially dangerous file should be prompted(like .exe , .com , .pif , etc )
before uploading the file .
regards laurent gaffiƩ
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed