TechSpot

dragDrop invocation IE vulnerability

By TS | Thomas
Feb 12, 2003
  1. We already knew pressing the back button on IE is dangerous
    (http://online.securityfocus.com/archive/1/267561) So it wont come as a total shock that so is clicking a link :) The problem lies in the dragdrop method that was added as a method on nearly all HTML elements in ie5.5 This method makes any element act like its being dragged. It is possible to abuse this behaviour to drop text in a html upload control thus allowing you to read any file from an unsuspecting users harddisk.

    Would you like to know more? Thanks PivX.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...