Access from a local file

downie - downgeoff2 at hotmail.com
Wed Feb 17 21:58:20 UTC 2010


> Date: Wed, 17 Feb 2010 11:18:03 -0800
> From: mogulguy at yahoo.com
> Subject: Re: Access from a local file
> To: or-talk at freehaven.net
> One of the reasons is to prevent malicious users from including file:// URLs in an external webpage. With file:// URLs, a webpage could be designed to test for the existence of local files on your computer.

How? Same origin policy prevents an external website from accessing any local files directly. And the 'onload' trick detailed at
http://72.32.12.210/archives/vulnwatch/2002-q2/0032.html
doesn't work (FF2 OSX anyway) because the images or Iframes never load from local resources at all.
Do you have a Proof of Concept?

GD
 		 	   		  