
File Upload Widgets Issue Affects Mozilla and IE

A JavaScript flaw related to the file input box has been reported to Secunia. According to the security advisory, "The vulnerability is caused due to a design error where a script can cancel certain keystroke events when entering text. This can be exploited to trick a user into typing a filename in a file upload input field by changing focus and cancel the "OnKeyPress" JavaScript event on certain characters."

The bug affects both IE 6/7 and Mozilla, and even though it is rated less critical, it could be exploited by malicious people to trick users into disclosing sensitive information. The solution is to disable JavaScript or avoid visiting untrusted web sites.

Comments
3

Disable JavaScript?? Then you would miss out on all the cool features that many sites present. The real solution is to not visit any sites that try to exploit your browser. Google has a warning about known shady sites now; most users would do well to heed the warnings.

4

... wouldn't the people have to type in the address of a file on their computer in order for the script to upload it anyway? If this is the case, this is the reason why the security risk is rated at "low." I don't think it's a good enough reason to disable JavaScript.
