TechSpot

  1. TechSpot Forums are dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot Forums are dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

dragDrop invocation IE vulnerability

By TS | Thomas
Feb 12, 2003
  1. We already knew pressing the back button on IE is dangerous
    (http://online.securityfocus.com/archive/1/267561) So it wont come as a total shock that so is clicking a link :) The problem lies in the dragdrop method that was added as a method on nearly all HTML elements in ie5.5 This method makes any element act like its being dragged. It is possible to abuse this behaviour to drop text in a html upload control thus allowing you to read any file from an unsuspecting users harddisk.

    Would you like to know more? Thanks PivX.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...