--- layout: post status: publish published: true title: IE7 Remote File Access wordpress_id: 255 wordpress_url: http://pro.grammatic.org/post-ie7-remote-file-access-46.aspx date: !binary |- MjAwOC0wMy0wNSAwODo0MTo1NyArMDEwMA== date_gmt: !binary |- MjAwOC0wMy0wNSAwODo0MTo1NyArMDEwMA== categories: - Technology - InfoSec tags: - information security - IE7 comments: [] ---
Just a quick post to draw attention to Ronald's excellent article at http://www.0x000000.com/?i=525 where he has pulled off a very interesting remote file access in IE7. The attack works by including an invalid DTD on an XML file which then streams the content of the requested file in its error message.
Use IE7? Be afraid.