TITLE: Test IE DYNSRC File Disclosure Vulnerability

DATE: 2002-03-27

DESCRIPTION:

Uses the "dynsrc" attribute of <IMG> tag to determine the existence of local files. If local files exist, it is possible to get their attributes.

Try the vulnerability:

1-Enter a local file name in the input field (c:/.../filename)

2-Click the submit button

3-If the file exists, its attributes will be displayed

Please, enter a filename:

Originally posted at http://sec.greymagic.com/adv/gm003-ie