Quantumwave Interactive Inc.
Interactive media development . Programming . Design . Consulting
of gaining access to files on a user's hard drive
March 10, a Netscape/Shockwave security hole on Netscape's
mailbox was announced.
After reading about it, I discovered another method
to gain access to theoretically any file on the user's
Because of even greater security risks with this method, I have not and will not post the method publicly other than showing that it can be done. This method has been passed on to engineers at Macromedia. The new Shockwave 5 plug-in eliminates the problem.
This security hole is inherited from the Netscape protocol model and is only exposed by Shockwave. Personally, I think Macromedia engineers did a great job getting fixes out so soon.
This Shockwave works under both Mac & Windows (provided you're using the pre-March 19, 1997 Shockwave 5 plug-in) and shows the correct screens. Just click on the appropriate buttons to see the effect - no information retrieved from your hard drive is sent to a remote server.
This new demo (updated March 16) is also able to get the directory listing of your hard drive although it is displayed in HTML (I haven't spent time to parse it into plain text yet). Examining the text reveals your directory structure and file information (size, dates etc.); this information could be sent to a remote server, or the program could get to individual files in unique folder names.
Note that it may take awhile to scan and load up the text if your directory has many files. The text window is limited to 32K - long listings will be chopped off at the end.
Mac users: this only works if your hard drive is named "Macintosh HD" (the default volume name). To get your Netscape bookmarks, it should be located in the default location: Macintosh HD:System Folder:Preferences and in the default Netscape folder (with the funny "f" at the end). The Desktop Folder button displays files on the "Macintosh HD" desktop.
PC users: this method can also retrieve other files from the hard drive and is not limited to Autoexec.bat or Config.sys. The Windows directory is also displayed in HTML at this point.
The Copy button just copies the text (limited to 32K) to your system clipboard.
Again, if this demo works on your computer, you should most definitely get the new plug-ins! (Any version dated after March 19, 1997: version f3 for 68K, PPC & Win 3.1; version f5 for Win95/NT.)
Copyright © 1995-2009 Quantumwave Interactive Inc.